ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

2012.55

Browse Source
This commit is contained in:
Matt Johnston
2012-02-22 22:12:15 +08:00
parent f403c1f18b
commit 4dda424f74
3 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
CHANGES
View File

@@ -1,3 +1,20 @@
2012.55 - Wednesday 22 February 2012
- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
made when a command="" authorized_keys restriction was in effect. Possible arbitrary
code execution to an authenticated user, and probable bypass of the command="" restriction.
CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
- Compile fix, only apply IPV6 socket options if they are available in headers
Thanks to Gustavo Zacarias for the patch
- Clear key memory on exit
- Fix minor memory leak in unusual PAM authentication configurations.
Thanks to Stathis Voukelatos
- Other small code cleanups
2011.54 - Tuesday 8 November 2011
- Building statically works again, broke in 0.53 and 0.53.1