[gnome-continuous-yocto/gnomeostree-3.22-krogoth: 61/246] dropbear: upgrade to 2016.72
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-continuous-yocto/gnomeostree-3.22-krogoth: 61/246] dropbear: upgrade to 2016.72
- Date: Thu, 14 Dec 2017 11:53:19 +0000 (UTC)
commit 58538b070384f7ff0a31bba3877ca09b1c790bc4
Author: Sona Sarmadi <sona sarmadi enea com>
Date: Wed Sep 14 14:34:38 2016 +0200
dropbear: upgrade to 2016.72
The upgrade addresses CVE-2016-3116:
- Validate X11 forwarding input. Could allow bypass of
authorized_keys command= restrictions,
found by github.com/tintinweb.
Thanks for Damien Miller for a patch. CVE-2016-3116
References:
https://matt.ucc.asn.au/dropbear/CHANGES
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116
(From OE-Core rev: 5ebac39d1d6dcf041e05002c0b8bf18bfb38e6d3)
Signed-off-by: Sona Sarmadi <sona sarmadi enea com>
Signed-off-by: Armin Kuster <akuster808 gmail com>
Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
meta/recipes-core/dropbear/dropbear_2015.71.bb | 5 -----
meta/recipes-core/dropbear/dropbear_2016.72.bb | 4 ++++
2 files changed, 4 insertions(+), 5 deletions(-)
---
diff --git a/meta/recipes-core/dropbear/dropbear_2016.72.bb b/meta/recipes-core/dropbear/dropbear_2016.72.bb
new file mode 100644
index 0000000..1385efd
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2016.72.bb
@@ -0,0 +1,4 @@
+require dropbear.inc
+
+SRC_URI[md5sum] = "96226b82725a8cbecad9fc738930d1d2"
+SRC_URI[sha256sum] = "9323766d3257699fd7d6e7b282c5a65790864ab32fd09ac73ea3d46c9ca2d681"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
