Mercurial > dropbear
comparison CHANGES @ 662:d354464b2aa6 DROPBEAR_2012.55
- Improve CHANGES description
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 23 Feb 2012 21:45:36 +0800 |
| parents | c015af8a71cf |
| children | e698d1a9f428 |
comparison
equal
deleted
inserted
replaced
| 661:c015af8a71cf | 662:d354464b2aa6 |
|---|---|
| 1 2012.55 - Wednesday 22 February 2012 | 1 2012.55 - Wednesday 22 February 2012 |
| 2 | 2 |
| 3 - Security: Fix use-after-free bug that could be triggered when multiple command sessions were | 3 - Security: Fix use-after-free bug that could be triggered if command="..." |
| 4 made when a command="" authorized_keys restriction was in effect. Possible arbitrary | 4 authorized_keys restrictions are used. Could allow arbitrary code execution |
| 5 code execution to an authenticated user, and probable bypass of the command="" restriction. | 5 or bypass of the command="..." restriction to an authenticated user. |
| 6 CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug | 6 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. |
| 7 Thanks to Danny Fullerton of Mantor Organization for reporting | |
| 8 the bug. | |
| 7 | 9 |
| 8 - Compile fix, only apply IPV6 socket options if they are available in headers | 10 - Compile fix, only apply IPV6 socket options if they are available in headers |
| 9 Thanks to Gustavo Zacarias for the patch | 11 Thanks to Gustavo Zacarias for the patch |
| 10 | 12 |
| 11 - Clear key memory on exit | 13 - Overwrite session key memory on exit |
| 12 | 14 |
| 13 - Fix minor memory leak in unusual PAM authentication configurations. | 15 - Fix minor memory leak in unusual PAM authentication configurations. |
| 14 Thanks to Stathis Voukelatos | 16 Thanks to Stathis Voukelatos |
| 15 | 17 |
| 16 - Other small code cleanups | 18 - Other small code cleanups |