From 6cd2c4a83cc2baa387d04979b489bee2429cc39d Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 15 Aug 2018 16:28:25 -0400
Subject: gnu: openssh: Don't allow remote username enumeration [fixes
 CVE-2018-15473].

* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
---
 gnu/local.mk | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 4013803b0b..eb0862448f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -997,6 +997,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/opensmtpd-fix-crash.patch		\
+  %D%/packages/patches/openssh-CVE-2018-15473.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0495.patch	\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0732.patch	\
-- 
cgit v1.2.3