]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f4ea85d) | patch
dropbear: upgrade to 2016.72
authorSona Sarmadi <sona.sarmadi@enea.com>
Wed, 14 Sep 2016 12:34:38 +0000 (14:34 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 23 Sep 2016 14:26:30 +0000 (15:26 +0100)
commit5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3
tree75ac0e80ee128240fa9c49cf65c82831edaa4bfbtree | snapshot
parentf4ea85d9c33a18f9e18e789a3399cf2d5c4f8164commit | diff
dropbear: upgrade to 2016.72

The upgrade addresses CVE-2016-3116:

- Validate X11 forwarding input. Could allow bypass of
  authorized_keys command= restrictions,
  found by github.com/tintinweb.
  Thanks for Damien Miller for a patch. CVE-2016-3116

References:
https://matt.ucc.asn.au/dropbear/CHANGES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-core/dropbear/dropbear_2015.71.bb [deleted file] blob | history
meta/recipes-core/dropbear/dropbear_2016.72.bb [new file with mode: 0644] blob
Mirror of the official openembedded-core repository