changeset 661:c015af8a71cf

2012.55
author Matt Johnston <matt@ucc.asn.au>
date Wed, 22 Feb 2012 22:12:15 +0800
parents a842469ce8ad
children d354464b2aa6
files CHANGES debian/changelog sysoptions.h
diffstat 3 files changed, 24 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Wed Feb 22 22:05:24 2012 +0800
+++ b/CHANGES	Wed Feb 22 22:12:15 2012 +0800
@@ -1,3 +1,20 @@
+2012.55 - Wednesday 22 February 2012
+
+- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
+  made when a command="" authorized_keys restriction was in effect. Possible arbitrary
+  code execution to an authenticated user, and probable bypass of the command="" restriction.
+  CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
+
+- Compile fix, only apply IPV6 socket options if they are available in headers
+  Thanks to Gustavo Zacarias for the patch
+
+- Clear key memory on exit
+
+- Fix minor memory leak in unusual PAM authentication configurations.
+  Thanks to Stathis Voukelatos
+
+- Other small code cleanups
+
 2011.54 - Tuesday 8 November 2011
 
 - Building statically works again, broke in 0.53 and 0.53.1
--- a/debian/changelog	Wed Feb 22 22:05:24 2012 +0800
+++ b/debian/changelog	Wed Feb 22 22:12:15 2012 +0800
@@ -1,3 +1,9 @@
+dropbear (2012.55-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <[email protected]>  Wed, 22 Feb 2012 22:54:00 +0800
+
 dropbear (2011.54-0.1) unstable; urgency=low
 
   * New upstream release.
--- a/sysoptions.h	Wed Feb 22 22:05:24 2012 +0800
+++ b/sysoptions.h	Wed Feb 22 22:12:15 2012 +0800
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2011.54"
+#define DROPBEAR_VERSION "2012.55"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION