Overview
Request 640130 accepted
- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
* Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
where hostile clients could trick the server into thinking they were
authenticated without actually submitting valid authentication.
* Modify protocol message handling such that Transport does not respond
to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
* Updated SSHConfig.lookup so it returns
a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
in lieu of dict literals.
Request History
mimi_vx created request
- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
* Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
where hostile clients could trick the server into thinking they were
authenticated without actually submitting valid authentication.
* Modify protocol message handling such that Transport does not respond
to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
* Updated SSHConfig.lookup so it returns
a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
in lieu of dict literals.
scarabeus_iv accepted request