mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
scarthgap
poky/meta/recipes-connectivity/openssh
History
David Nyström 2142f17368 openssh: fix CVE-2025-61984 
ssh in OpenSSH before 10.1 allows control characters in usernames that
originate from certain possibly untrusted sources, potentially leading
to code execution when a ProxyCommand is used. The untrusted sources
are the command line and %-sequence expansion of a configuration file.

Note:
openssh does not support variable expansion until 10.0, so backport
adapts for this.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-61984

Upstream patch:
35d5917652

(From OE-Core rev: 717d4c7609cdce2cc3a65b7ba69c316fa86a9333)

Signed-off-by: David Nyström <david.nystrom@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-24 06:23:40 -07:00
..
openssh
openssh: fix CVE-2025-61984
2025-10-24 06:23:40 -07:00
openssh_9.6p1.bb
openssh: fix CVE-2025-61984
2025-10-24 06:23:40 -07:00