Mercurial > dropbear
changeset 661:c015af8a71cf
2012.55
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 22 Feb 2012 22:12:15 +0800 |
| parents | a842469ce8ad |
| children | d354464b2aa6 |
| files | CHANGES debian/changelog sysoptions.h |
| diffstat | 3 files changed, 24 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/CHANGES Wed Feb 22 22:05:24 2012 +0800 +++ b/CHANGES Wed Feb 22 22:12:15 2012 +0800 @@ -1,3 +1,20 @@ +2012.55 - Wednesday 22 February 2012 + +- Security: Fix use-after-free bug that could be triggered when multiple command sessions were + made when a command="" authorized_keys restriction was in effect. Possible arbitrary + code execution to an authenticated user, and probable bypass of the command="" restriction. + CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug + +- Compile fix, only apply IPV6 socket options if they are available in headers + Thanks to Gustavo Zacarias for the patch + +- Clear key memory on exit + +- Fix minor memory leak in unusual PAM authentication configurations. + Thanks to Stathis Voukelatos + +- Other small code cleanups + 2011.54 - Tuesday 8 November 2011 - Building statically works again, broke in 0.53 and 0.53.1
--- a/debian/changelog Wed Feb 22 22:05:24 2012 +0800 +++ b/debian/changelog Wed Feb 22 22:12:15 2012 +0800 @@ -1,3 +1,9 @@ +dropbear (2012.55-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston <[email protected]> Wed, 22 Feb 2012 22:54:00 +0800 + dropbear (2011.54-0.1) unstable; urgency=low * New upstream release.
--- a/sysoptions.h Wed Feb 22 22:05:24 2012 +0800 +++ b/sysoptions.h Wed Feb 22 22:12:15 2012 +0800 @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2011.54" +#define DROPBEAR_VERSION "2012.55" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION