From 6cd2c4a83cc2baa387d04979b489bee2429cc39d Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 15 Aug 2018 16:28:25 -0400
Subject: gnu: openssh: Don't allow remote username enumeration [fixes
 CVE-2018-15473].

* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
---
 gnu/packages/ssh.scm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/packages/ssh.scm')

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 90205fa93d..876993e166 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -153,6 +153,7 @@ a server that supports the SSH-2 protocol.")
              (method url-fetch)
              (uri (string-append "mirror://openbsd/OpenSSH/portable/"
                                  name "-" version ".tar.gz"))
+             (patches (search-patches "openssh-CVE-2018-15473.patch"))
              (sha256
               (base32
                "13vbbrvj3mmfhj83qyrg5c0ipr6bzw5s65dy4k8gr7p9hkkfffyp"))))
-- 
cgit v1.2.3