unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH 0/1] openssh: Fix CVE-2015-8325
@ 2016-04-15 18:22 Leo Famulari
  2016-04-15 18:22 ` [PATCH 1/1] gnu: " Leo Famulari
  0 siblings, 1 reply; 6+ messages in thread
From: Leo Famulari @ 2016-04-15 18:22 UTC (permalink / raw)
  To: guix-devel

Debian has applied an upstream patch to fix CVE-2015-8325 [0][1][2] in
OpenSSH [3].

OpenSSH builds and seems to work with this patch.

I can't find any public and "official" announcement of this issue yet.
For example, not from Mitre or OpenSSH themselves, aside from the
OpenSSH commit log. For this reason, I want to wait for an "okay" from
other Guix developers.

Please advise, and feel free to apply the patch yourself if appropriate.

[0]
https://security-tracker.debian.org/tracker/CVE-2015-8325

[1]
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

[2]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325

[3]
http://www.openssh.com/portable.html

Leo Famulari (1):
  gnu: openssh: Fix CVE-2015-8325.

 gnu-system.am                                    |  1 +
 gnu/packages/patches/openssh-CVE-2015-8325.patch | 31 ++++++++++++++++++++++++
 gnu/packages/ssh.scm                             |  3 ++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/openssh-CVE-2015-8325.patch

-- 
2.7.3

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2016-04-17 17:55 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-15 18:22 [PATCH 0/1] openssh: Fix CVE-2015-8325 Leo Famulari
2016-04-15 18:22 ` [PATCH 1/1] gnu: " Leo Famulari
2016-04-15 21:27   ` Ludovic Courtès
2016-04-15 21:47     ` Leo Famulari
2016-04-17 14:26       ` Ludovic Courtès
2016-04-17 17:56         ` Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).