kumquat-buildroot/package/libssh/libssh.hash
Peter Korsgaard a8362e5c85 package/libssh: security bump to version 0.10.6
Fixes the following security issues:

- CVE-2023-6004: Command Injection using malicious hostname in expanded proxycommand
  https://www.libssh.org/security/advisories/CVE-2023-6004.txt

- CVE-2023-48795: Avoid potential downgrade attacks by implementing strict kex
  https://www.libssh.org/security/advisories/CVE-2023-48795.txt

- CVE-2023-6918: Avoid potential use of weak keys in low memory conditions
  by systematically checking return values of MD functions.
  https://www.libssh.org/security/advisories/CVE-2023-6918.txt

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-23 15:14:16 +01:00

6 lines
340 B
Plaintext

# Locally calculated after checking pgp signature
# https://www.libssh.org/files/0.10/libssh-0.10.6.tar.xz.asc
# with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
sha256 1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1 libssh-0.10.6.tar.xz
sha256 1656186e951db1c010a8485481fa94587f7e53a26d24976bef97945ad0c4df5a COPYING