summaryrefslogtreecommitdiff
path: root/gnu/packages/python-compression.scm
diff options
context:
space:
mode:
authorAshish SHUKLA <ashish.is@lostca.se>2026-04-05 21:37:06 +0200
committerAndreas Enge <andreas@enge.fr>2026-04-23 22:47:10 +0200
commitf8281945549008ef8b5b1932990716ff59d9afbf (patch)
tree0f5ae23033d9441847ef30724d53c5dc8569f3ba /gnu/packages/python-compression.scm
parenta50c44187acf4267824f945eec5e0fc2d47aadfa (diff)
gnu: openssh: Update to 10.3p1 [security-fixes].
Release notes since 10.2p1 (2025-10-10): - 10.3p1 (2026-04-02) <https://www.openssh.org/txt/release-10.3>. Contains fixes for: CVE-2026-35385: A file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). CVE-2026-35386: Command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config. CVE-2026-35387: OpenSSH can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. CVE-2026-35388: OpenSSH before omits connection multiplexing confirmation for proxy-mode multiplexing sessions. CVE-2026-35414: OpenSSH mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. * gnu/packages/ssh.scm (openssh): Update to 10.3p1. Merges: https://codeberg.org/guix/guix/pulls/7695 Change-Id: I9e90c3ef02f567d0f5b2485c4e0bcfaa1a1f31c8 Reviewed-by: Nguyễn Gia Phong <cnx@loang.net> Reviewed-by: Jonas Meeuws <jonas.meeuws@gmail.com> Reviewed-by: Cayetano Santos <csantosb@inventati.org> Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
Diffstat (limited to 'gnu/packages/python-compression.scm')
0 files changed, 0 insertions, 0 deletions