mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-27 11:13:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssh: fix CVE-2026-35386

Browse Source 
CVE-2026-35386 is already fixed by the existing CVE-2025-61984 backport.

Rename CVE-2025-61984.patch to CVE-2025-61984_CVE-2026-35386.patch and
add the second CVE tag to document that one patch covers both CVEs.

https://nvd.nist.gov/vuln/detail/CVE-2026-35386

(From OE-Core rev: 36ee08f01311253bca4c4f8387446d35a55cc840)

Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Adarsh Jagadish Kamini
2026-06-11 15:50:38 +02:00
committed by Paul Barker
parent 3f378fc245
commit 12249ef220
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-connectivity/openssh/openssh/CVE-2025-61984.patch → meta/recipes-connectivity/openssh/openssh/CVE-2025-61984_CVE-2026-35386.patch
View File

@@ -32,7 +32,7 @@ Slightly modified since variable expansion of user names was
first released in 10.0, commit bd30cf784d6e8"
Upstream-Status: Backport [Upstream commit https://github.com/openssh/openssh-portable/commit/35d5917652106aede47621bb3f64044604164043]
CVE: CVE-2025-61984
CVE: CVE-2025-61984 CVE-2026-35386
Signed-off-by: David Nyström <david.nystrom@est.tech>
---
ssh.c | 26 +++++++++++++++++++++++---

2
meta/recipes-connectivity/openssh/openssh_9.6p1.bb
View File

@@ -33,7 +33,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2025-26465.patch \
file://CVE-2025-32728.patch \
file://CVE-2025-61985.patch \
file://CVE-2025-61984.patch \
file://CVE-2025-61984_CVE-2026-35386.patch \
file://CVE-2026-35385.patch \
file://CVE-2026-35387.patch \
file://CVE-2026-35388.patch \