GNU bug report logs - #71873
[PATCH] gnu: openssh: Update to 9.8p1 [security fixes].


Package: guix-patches;

Reported by: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>

Date: Mon, 1 Jul 2024 10:21:02 UTC

Severity: normal

Tags: patch

Done: Jack Hill <jackhill <at> jackhill.us>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#71873; Package guix-patches. (Mon, 01 Jul 2024 10:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Zheng Junjie <zhengjunjie <at> iscas.ac.cn>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 01 Jul 2024 10:21:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: openssh: Update to 9.8p1 [security fixes].
Date: Mon,  1 Jul 2024 18:20:20 +0800

Fixes a critical security bug allowing remote code execution as root:
https://www.openssh.com/txt/release-9.8

This may be CVE-2024-6387 (currently embargoed):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387

* gnu/packages/ssh.scm (openssh): Update to 9.8p1.

Change-Id: I32e1001ca4d7f9bfbdad58ddcba58670e151a8cb
---
 gnu/packages/ssh.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index ff39aea9ba..f4c80347a1 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -18,6 +18,7 @@
 ;;; Copyright © 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
 ;;; Copyright © 2021 Brice Waegeneire <brice <at> waegenei.re>
 ;;; Copyright © 2023 Simon Streit <simon <at> netpanic.org>
+;;; Copyright © 2024 Zheng Junjie <873216071 <at> qq.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
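
Review bot: The added copyright line gives the address `873216071 <at> qq.com`, while the patch itself is sent from `zhengjunjie <at> iscas.ac.cn`. If the difference is not intentional, use one address so the file header matches the commit author.
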
@@ -198,7 +199,7 @@ (define-public libssh2
 (define-public openssh
   (package
    (name "openssh")
-   (version "9.7p1")
+   (version "9.8p1")
    (source
     (origin
       (method url-fetch)
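
Review bot: The commit message ties the `(version "9.8p1")` bump to a CVE only tentatively ("This may be CVE-2024-6387"). Since this is the line that makes the update a security fix, consider stating the CVE identifier definitively in the commit message once the advisory is public, so anyone searching the history for that CVE finds this commit.
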
@@ -206,7 +207,7 @@ (define-public openssh
                           "openssh-" version ".tar.gz"))
       (patches (search-patches "openssh-trust-guix-store-directory.patch"))
       (sha256
-       (base32 "1z9zfw7ndibxwprazlkv1isrh1yplczdin5cziijfanqcvvjc129"))))
+       (base32 "1wrrb8zrfj9wa9nbpx310kl2k05gm4gxsl5hvycx9dbrlc1d12yx"))))
    (build-system gnu-build-system)
    (arguments
     (list
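
Review bot: The new `base32` value on the `sha256` line is the only thing pinning the 9.8p1 tarball, and the submission does not say how it was obtained. Please confirm it was computed from a tarball checked against the upstream release signature. The unchanged `(patches (search-patches "openssh-trust-guix-store-directory.patch"))` line also has to still apply to the 9.8p1 sources, so a note that the package builds with this change would help.
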

base-commit: ba6460900f052759fe82e4ceb606d25e19f02884
-- 
2.45.2





Reply sent to Jack Hill <jackhill <at> jackhill.us>:
You have taken responsibility. (Mon, 01 Jul 2024 19:24:02 GMT) Full text and rfc822 format available.

Notification sent to Zheng Junjie <zhengjunjie <at> iscas.ac.cn>:
bug acknowledged by developer. (Mon, 01 Jul 2024 19:24:02 GMT) Full text and rfc822 format available.

Message #10 received at 71873-done <at> debbugs.gnu.org (full text, mbox):

From: Jack Hill <jackhill <at> jackhill.us>
To: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
Cc: 71873-done <at> debbugs.gnu.org
Subject: Re: [bug#71873] [PATCH] gnu: openssh: Update to 9.8p1 [security fixes].
Date: Mon, 1 Jul 2024 15:23:21 -0400 (EDT)

On Mon, 1 Jul 2024, Zheng Junjie wrote:

> Fixes a critical security bug allowing remote code execution as root:
> https://www.openssh.com/txt/release-9.8
>
> This may be CVE-2024-6387 (currently embargoed):
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
>
> * gnu/packages/ssh.scm (openssh): Update to 9.8p1.
>
> Change-Id: I32e1001ca4d7f9bfbdad58ddcba58670e151a8cb

It looks like this was applied in 
6522f93ed098fa13f51f6d017035607e26237d31.

Thanks!
Jack




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 30 Jul 2024 11:24:11 GMT) Full text and rfc822 format available.

This bug report was last modified 97 days ago.
