| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2022-46176-07-support-hashed-hostnames.patch | This patch is based on the upstream commit described below, adapted for use in the Debian package by Peter Michael Green. commit 67ae2dcafea5955824b1f390568a5fa109424987 ssh known_hosts: support hashed hostnames =================================================================== |
Eric Huss <eric@huss.org> | no | 2022-12-28 | ||
| disable-vendor.patch | no | |||||
| CVE-2022-46176-01-validate-ssh-host.keys.patch | This patch is based on the upstream commit described below, adapted for use in the Debian package by Peter Michael Green. commit 1387fd4105b242fa2d24ad99d10a5b1af23f293e Validate SSH host keys =================================================================== |
Eric Huss <eric@huss.org> | no | 2022-12-07 | ||
| CVE-2022-46176-02-add-support-for-deserializing-vec-value-string.patch | commit 9f62f8440e9e542f27d60c75be38ac51186c6c32 Add support for deserializing Vec<Value<String>> in config. This adds the ability to track the definition location of a string in a TOML array. diff --git a/src/cargo/util/config/de.rs b/src/cargo/util/config/de.rs index 6fddc7e71f..1408f15b57 100644 |
Eric Huss <eric@huss.org> | no | 2022-12-09 | ||
| CVE-2022-46176-03-support-configuring-ssh-known-hosts.patch | commit 026bda3fb5eddac0df111ee150706f756558a7b3 Support configuring ssh known-hosts via cargo config. diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs index 875dcf63f3..7efea43c3b 100644 |
Eric Huss <eric@huss.org> | no | 2022-12-09 | ||
| CVE-2022-46176-04-add-some-known-hosts-tests-and-fix-comma-bug.patch | commit 302a543ddf3b7621c2f10623862029d35fae7e3c Add some known_hosts tests. This also fixes a bug with the host matching when there are comma-separated hosts. diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs index 7efea43c3b..58e64e7913 100644 |
Eric Huss <eric@huss.org> | no | 2022-12-12 | ||
| CVE-2022-46176-05-remove-let-else.patch | commit cf716fc3c2b0785013b321f08d6cf9e277f89c84 Remove let-else, just use ? propagation. Co-authored-by: Weihang Lo <weihanglo@users.noreply.github.com> diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs index 58e64e7913..f272195306 100644 |
Eric Huss <eric@huss.org> | no | 2022-12-13 | ||
| CVE-2022-46176-06-add-test-for-config-value-in-toml-array.patch | commit 018403ceaf71e205dbec64698bb864f5e094aec8 Add test for config Value in TOML array. diff --git a/tests/testsuite/config.rs b/tests/testsuite/config.rs index b1d07bb405..d1487833f7 100644 |
Eric Huss <eric@huss.org> | no | 2022-12-14 | ||
| CVE-2022-46176-08-eliminate-let-else.patch | This patch eliminates let-else usage in the code introduced to fix CVE-2022-46176 as that construct is not stabalised in the version of rustc currently in Debian. It was written specifical for Debian by Peter Michael Green. =================================================================== |
no |