08b9bc2f61
Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.
Some OpenSSH developers don't consider this a security issue:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-fix-pam-uclibc-pthreads-clash.patch | ||
| 0002-fix-howmany-include.patch | ||
| Config.in | ||
| openssh.hash | ||
| openssh.mk | ||
| S50sshd | ||
| sshd.service | ||