diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/ssh-agent-double-free.patch | 26 |
4 files changed, 35 insertions, 2 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index 2e5545893..7f231bb16 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
@@ -1,6 +1,6 @@ | |||
1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
2 | 27cf2f667b46a99f4469f41bcb8e004834a3d34f | 2 | 421db3656dcafbe810226463bf27a18a0b1c3186 |
3 | 27cf2f667b46a99f4469f41bcb8e004834a3d34f | 3 | 421db3656dcafbe810226463bf27a18a0b1c3186 |
4 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb | 4 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb |
5 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb | 5 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb |
6 | openssh_8.4p1.orig.tar.gz | 6 | openssh_8.4p1.orig.tar.gz |
diff --git a/debian/changelog b/debian/changelog index 9b1a33ab7..f2be0802c 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,9 @@ | |||
1 | openssh (1:8.4p1-5) UNRELEASED; urgency=medium | ||
2 | |||
3 | * CVE-2021-28041: Fix double free in ssh-agent(1) (closes: #984940). | ||
4 | |||
5 | -- Colin Watson <cjwatson@debian.org> Sat, 13 Mar 2021 09:37:26 +0000 | ||
6 | |||
1 | openssh (1:8.4p1-4) unstable; urgency=medium | 7 | openssh (1:8.4p1-4) unstable; urgency=medium |
2 | 8 | ||
3 | * Avoid using libmd's <sha2.h> even if it's installed (closes: #982705). | 9 | * Avoid using libmd's <sha2.h> even if it's installed (closes: #982705). |
diff --git a/debian/patches/series b/debian/patches/series index 5b00428bc..8f6b09f6f 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -25,3 +25,4 @@ conch-old-privkey-format.patch | |||
25 | revert-ipqos-defaults.patch | 25 | revert-ipqos-defaults.patch |
26 | revert-x32-sandbox-breakage.patch | 26 | revert-x32-sandbox-breakage.patch |
27 | ssh-copy-id-heredoc-syntax.patch | 27 | ssh-copy-id-heredoc-syntax.patch |
28 | ssh-agent-double-free.patch | ||
diff --git a/debian/patches/ssh-agent-double-free.patch b/debian/patches/ssh-agent-double-free.patch new file mode 100644 index 000000000..20ae613cd --- /dev/null +++ b/debian/patches/ssh-agent-double-free.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From 421db3656dcafbe810226463bf27a18a0b1c3186 Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin Watson <cjwatson@debian.org> | ||
3 | Date: Sat, 13 Mar 2021 09:35:05 +0000 | ||
4 | Subject: Double free in ssh-agent(1) | ||
5 | |||
6 | Origin: upstream, https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig | ||
7 | Bug-Debian: https://bugs.debian.org/984940 | ||
8 | Last-Update: 2021-03-13 | ||
9 | |||
10 | Patch-Name: ssh-agent-double-free.patch | ||
11 | --- | ||
12 | ssh-agent.c | 1 + | ||
13 | 1 file changed, 1 insertion(+) | ||
14 | |||
15 | diff --git a/ssh-agent.c b/ssh-agent.c | ||
16 | index e1fd1f3f6..48155c96e 100644 | ||
17 | --- a/ssh-agent.c | ||
18 | +++ b/ssh-agent.c | ||
19 | @@ -581,6 +581,7 @@ process_add_identity(SocketEntry *e) | ||
20 | goto err; | ||
21 | } | ||
22 | free(ext_name); | ||
23 | + ext_name = NULL; | ||
24 | break; | ||
25 | default: | ||
26 | error("%s: Unknown constraint %d", __func__, ctype); | ||