From mboxrd@z Thu Jan 1 00:00:00 1970
From: Leo Famulari
Subject: [PATCH 0/1] openssh: Fix CVE-2015-8325
Date: Fri, 15 Apr 2016 14:22:54 -0400
To: guix-devel@gnu.org

Debian has applied an upstream patch to fix CVE-2015-8325 [0][1][2] in
OpenSSH [3].

OpenSSH builds and seems to work with this patch.

I can't find any public and "official" announcement of this issue yet.
For example, not from Mitre or OpenSSH themselves, aside from the
OpenSSH commit log.

For this reason, I want to wait for an "okay" from other Guix
developers. Please advise, and feel free to apply the patch yourself if
appropriate.

[0] https://security-tracker.debian.org/tracker/CVE-2015-8325
[1] https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
[3] http://www.openssh.com/portable.html

Leo Famulari (1):
  gnu: openssh: Fix CVE-2015-8325.

 gnu-system.am                                    |  1 +
 gnu/packages/patches/openssh-CVE-2015-8325.patch | 31 ++++++++++++++++++++++++
 gnu/packages/ssh.scm                             |  3 ++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/openssh-CVE-2015-8325.patch

-- 
2.7.3