From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [PATCH] package/libssh: security bump to version 0.10.5
Date: Tue, 16 May 2023 08:40:34 +0200 [thread overview]
Message-ID: <20230516064034.220120-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
- CVE-2023-1667: Potential NULL dereference during rekeying with algorithm
guessing
https://www.libssh.org/security/advisories/CVE-2023-1667.txt
- CVE-2023-2283: Authorization bypass in pki_verify_data_signature
https://www.libssh.org/security/advisories/CVE-2023-2283.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libssh/libssh.hash | 4 ++--
package/libssh/libssh.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
index 90bc4c82d8..0d61191842 100644
--- a/package/libssh/libssh.hash
+++ b/package/libssh/libssh.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://www.libssh.org/files/0.10/libssh-0.10.4.tar.xz.asc
+# https://www.libssh.org/files/0.10/libssh-0.10.5.tar.xz.asc
# with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-sha256 07392c54ab61476288d1c1f0a7c557b50211797ad00c34c3af2bbc4dbc4bd97d libssh-0.10.4.tar.xz
+sha256 b60e2ff7f367b9eee2b5634d3a63303ddfede0e6a18dfca88c44a8770e7e4234 libssh-0.10.5.tar.xz
sha256 1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a COPYING
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index 5deb64b82e..3be6c6adaf 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -5,7 +5,7 @@
################################################################################
LIBSSH_VERSION_MAJOR = 0.10
-LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
+LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).5
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
LIBSSH_LICENSE = LGPL-2.1
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next reply other threads:[~2023-05-16 6:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-16 6:40 Peter Korsgaard [this message]
2023-05-16 11:59 ` [Buildroot] [PATCH] package/libssh: security bump to version 0.10.5 Peter Korsgaard
2023-06-13 21:46 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230516064034.220120-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.