openssh: fix CVE-2025-61984 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Hitendra Prajapati <hprajapati@mvista.com>	2025-12-08 12:35:05 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-12-12 08:49:37 -0800
commit	9f461395a832f5f3c5b69961cff944058d2fab27 (patch)
tree	de1c6da3abd54313464d3aaaba96f024974a3966 /meta/recipes-devtools/python/python-testtools.inc
parent	0002d5d0826613b7efb2293e9d311f8dec353fb4 (diff)
download	poky-9f461395a832f5f3c5b69961cff944058d2fab27.tar.gz

openssh: fix CVE-2025-61984

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. Note: openssh does not support variable expansion until 10.0, so backport adapts for this. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61984 Upstream-Status: Backport from https://github.com/openssh/openssh-portable/commit/35d5917652106aede47621bb3f64044604164043 (From OE-Core rev: 7ca0c7a4d17c707658669e255689ecd4183c7e9b) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python-testtools.inc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: