comparison CHANGES @ 830:b9f0058860f1
- 2013.60, update CHANGES
- Add CVE references to CHANGES
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Oct 2013 22:32:31 +0800 |
parents | 32862e8283e7 |
children | e894dbc015ba |
829:4cf61252dfc3 | 830:b9f0058860f1 |
---|---|
1 2013.60 - Wednesday 16 October 2013 | |
2 | |
3 - Fix "make install" so that it doesn't always install to /bin and /sbin | |
4 | |
5 - Fix "make install MULTI=1", installing manpages failed | |
6 | |
7 - Fix "make install" when scp is included since it has no manpage | |
8 | |
9 - Make --disable-bundled-libtom work | |
10 | |
1 2013.59 - Friday 4 October 2013 | 11 2013.59 - Friday 4 October 2013 |
2 | 12 |
3 - Fix crash from -J command | 13 - Fix crash from -J command |
4 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches | 14 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches |
5 | 15 |
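Review bot: The 2013.60 block added at new lines 1-9 is release-notes content for build and install fixes, while every other change in this comparison only appends a CVE id to an older entry; the commit message lists the two as separate items as well. Consider committing the CVE annotations on their own so that change can be traced or backported independently of the release entry.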
12 - Send a banner message to report PAM error messages intended for the user | 22 - Send a banner message to report PAM error messages intended for the user |
13 Patch from Martin Donnelly | 23 Patch from Martin Donnelly |
14 | 24 |
15 - Limit the size of decompressed payloads, avoids memory exhaustion denial | 25 - Limit the size of decompressed payloads, avoids memory exhaustion denial |
16 of service | 26 of service |
17 Thanks to Logan Lamb for reporting and investigating it | 27 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 |
18 | 28 |
19 - Avoid disclosing existence of valid users through inconsistent delays | 29 - Avoid disclosing existence of valid users through inconsistent delays |
20 Thanks to Logan Lamb for reporting | 30 Thanks to Logan Lamb for reporting. CVE-2013-4434 |
21 | 31 |
22 - Update config.guess and config.sub for newer architectures | 32 - Update config.guess and config.sub for newer architectures |
23 | 33 |
24 - Avoid segfault in server for locked accounts | 34 - Avoid segfault in server for locked accounts |
25 | 35 |
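Review bot: The two entries that gain CVE-2013-4421 and CVE-2013-4434 (new lines 25-30) still carry no "Security:" marker, unlike the 0.49, 0.47 and 0.43 entries annotated in the same change, so a reader scanning CHANGES for security fixes can miss them. Suggest prefixing both entries the same way. The ids are also appended to the "Thanks to Logan Lamb ..." credit lines, whereas the older entries put the id at the end of the description; one placement throughout would be easier to search and read.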
316 | 326 |
317 0.49 - Fri 23 February 2007 | 327 0.49 - Fri 23 February 2007 |
318 | 328 |
319 - Security: dbclient previously would prompt to confirm a | 329 - Security: dbclient previously would prompt to confirm a |
320 mismatching hostkey but wouldn't warn loudly. It will now | 330 mismatching hostkey but wouldn't warn loudly. It will now |
321 exit upon a mismatch. | 331 exit upon a mismatch. CVE-2007-1099 |
322 | 332 |
323 - Compile fixes, make sure that all variable definitions are at the start | 333 - Compile fixes, make sure that all variable definitions are at the start |
324 of a scope. | 334 of a scope. |
325 | 335 |
326 - Added -P pidfile argument to the server (from Swen Schillig) | 336 - Added -P pidfile argument to the server (from Swen Schillig) |
378 - Check that the circular buffer is properly empty before | 388 - Check that the circular buffer is properly empty before |
379 closing a channel, which could cause truncated transfers | 389 closing a channel, which could cause truncated transfers |
380 (thanks to Tomas Vanek for helping track it down) | 390 (thanks to Tomas Vanek for helping track it down) |
381 | 391 |
382 - Implement per-IP pre-authentication connection limits | 392 - Implement per-IP pre-authentication connection limits |
383 (after some poking from Pablo Fernandez) | 393 (after some poking from Pablo Fernandez) CVE-2006-1206 |
384 | 394 |
385 - Exit gracefully if trying to connect to as SSH v1 server | 395 - Exit gracefully if trying to connect to as SSH v1 server |
386 (reported by Rushi Lala) | 396 (reported by Rushi Lala) |
387 | 397 |
388 - Only read /dev/random once at startup when in non-inetd mode | 398 - Only read /dev/random once at startup when in non-inetd mode |
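Review bot: At new line 393, CVE-2006-1206 is appended after the credit "(after some poking from Pablo Fernandez)" on an entry that reads as a feature addition, with no "Security:" marker and no wording that says what issue the id covers. Suggest adding the marker and a short phrase naming the problem the connection limit addresses, as the 0.47 and 0.43 entries do for theirs.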
399 0.47 - Thurs Dec 8 2005 | 409 0.47 - Thurs Dec 8 2005 |
400 | 410 |
401 - SECURITY: fix for buffer allocation error in server code, could potentially | 411 - SECURITY: fix for buffer allocation error in server code, could potentially |
402 allow authenticated users to gain elevated privileges. All multi-user systems | 412 allow authenticated users to gain elevated privileges. All multi-user systems |
403 running the server should upgrade (or apply the patch available on the | 413 running the server should upgrade (or apply the patch available on the |
404 Dropbear webpage). | 414 Dropbear webpage). CVE-2005-4178 |
405 | 415 |
406 - Fix channel handling code so that redirecting to /dev/null doesn't use | 416 - Fix channel handling code so that redirecting to /dev/null doesn't use |
407 100% CPU. | 417 100% CPU. |
408 | 418 |
409 - Turn on zlib compression for dbclient. | 419 - Turn on zlib compression for dbclient. |
606 0.43 - Fri Jul 16 2004 17:44:54 +0800 | 616 0.43 - Fri Jul 16 2004 17:44:54 +0800 |
607 | 617 |
608 - SECURITY: Don't try to free() uninitialised variables in DSS verification | 618 - SECURITY: Don't try to free() uninitialised variables in DSS verification |
609 code. Thanks to Arne Bernin for pointing out this bug. This is possibly | 619 code. Thanks to Arne Bernin for pointing out this bug. This is possibly |
610 exploitable, all users with DSS and pubkey-auth compiled in are advised to | 620 exploitable, all users with DSS and pubkey-auth compiled in are advised to |
611 upgrade. | 621 upgrade. CVE-2004-2486 |
612 | 622 |
613 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. | 623 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. |
614 | 624 |
615 - Don't go into an infinite loop when portforwarding to servers which don't | 625 - Don't go into an infinite loop when portforwarding to servers which don't |
616 send any initial data/banner. Patch from Nikola Vladov | 626 send any initial data/banner. Patch from Nikola Vladov |