openssh: Fix CVE-2023-51385 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2024-01-18 13:04:08 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-01-31 03:51:10 -1000
commit	3adc98348b16d8cde41e2dbe05a614039b82e7e7 (patch)
tree	7653b82e84f0579430b4f8aeac631a68f688f583 /scripts/contrib/patchreview.py
parent	8f7ce1acf793adf985d52849ba160912eed78982 (diff)
download	poky-3adc98348b16d8cde41e2dbe05a614039b82e7e7.tar.gz

openssh: Fix CVE-2023-51385

OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. This patch fixes the above issue Link: http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.11.debian.tar.xz Link: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (From OE-Core rev: a0561ca36bd3be8f44d11908caaf8c9ce5f69032) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/contrib/patchreview.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: