Request 640130: Submit python-paramiko - openSUSE Build Service

This request supersedes: request 640043 (Show diff)

Overview

Request 640130 accepted

- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
* Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
where hostile clients could trick the server into thinking they were
authenticated without actually submitting valid authentication.
* Modify protocol message handling such that Transport does not respond
to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
* Updated SSHConfig.lookup so it returns
a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
in lieu of dict literals.

Created by mimi_vx over 5 years ago
In state accepted
Package maintainers: mimi_vx and rjschwei
Supersedes 640043

Submit python-paramiko

Comments for request 640130 0

Login required, please login in order to comment

Request History

mimi_vx created request over 5 years ago

- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
* Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
where hostile clients could trick the server into thinking they were
authenticated without actually submitting valid authentication.
* Modify protocol message handling such that Transport does not respond
to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
* Updated SSHConfig.lookup so it returns
a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
in lieu of dict literals.

scarabeus_iv accepted request over 5 years ago

openSUSE Build Service is sponsored by