[bug#71873] [PATCH] gnu: openssh: Update to 9.8p1 [security fixes].

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [bug#71873] [PATCH] gnu: openssh: Update to 9.8p1 [security fixes].
@ 2024-07-01 10:20 Zheng Junjie
  2024-07-01 19:23 ` bug#71873: " Jack Hill
  0 siblings, 1 reply; 2+ messages in thread
From: Zheng Junjie @ 2024-07-01 10:20 UTC (permalink / raw)
  To: 71873

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=y, Size: 1545 bytes --]

Fixes a critical security bug allowing remote code execution as root:
https://www.openssh.com/txt/release-9.8

This may be CVE-2024-6387 (currently embargoed):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387

* gnu/packages/ssh.scm (openssh): Update to 9.8p1.

Change-Id: I32e1001ca4d7f9bfbdad58ddcba58670e151a8cb
---
 gnu/packages/ssh.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index ff39aea9ba..f4c80347a1 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
 ;;; Copyright © 2023 Simon Streit <simon@netpanic.org>
+;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -198,7 +199,7 @@ (define-public libssh2
 (define-public openssh
   (package
    (name "openssh")
-   (version "9.7p1")
+   (version "9.8p1")
    (source
     (origin
       (method url-fetch)
@@ -206,7 +207,7 @@ (define-public openssh
                           "openssh-" version ".tar.gz"))
       (patches (search-patches "openssh-trust-guix-store-directory.patch"))
       (sha256
-       (base32 "1z9zfw7ndibxwprazlkv1isrh1yplczdin5cziijfanqcvvjc129"))))
+       (base32 "1wrrb8zrfj9wa9nbpx310kl2k05gm4gxsl5hvycx9dbrlc1d12yx"))))
    (build-system gnu-build-system)
    (arguments
     (list

base-commit: ba6460900f052759fe82e4ceb606d25e19f02884
-- 
2.45.2





^ permalink raw reply related	[flat|nested] 2+ messages in thread

* bug#71873: [PATCH] gnu: openssh: Update to 9.8p1 [security fixes].
  2024-07-01 10:20 [bug#71873] [PATCH] gnu: openssh: Update to 9.8p1 [security fixes] Zheng Junjie
@ 2024-07-01 19:23 ` Jack Hill
  0 siblings, 0 replies; 2+ messages in thread
From: Jack Hill @ 2024-07-01 19:23 UTC (permalink / raw)
  To: Zheng Junjie; +Cc: 71873-done

On Mon, 1 Jul 2024, Zheng Junjie wrote:

> Fixes a critical security bug allowing remote code execution as root:
> https://www.openssh.com/txt/release-9.8
>
> This may be CVE-2024-6387 (currently embargoed):
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
>
> * gnu/packages/ssh.scm (openssh): Update to 9.8p1.
>
> Change-Id: I32e1001ca4d7f9bfbdad58ddcba58670e151a8cb

It looks like this was applied in 
6522f93ed098fa13f51f6d017035607e26237d31.

Thanks!
Jack




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-07-01 19:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-01 10:20 [bug#71873] [PATCH] gnu: openssh: Update to 9.8p1 [security fixes] Zheng Junjie
2024-07-01 19:23 ` bug#71873: " Jack Hill

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).