2012.55

2025-03-03 10:41:39 +00:00 · 2012-02-22 22:12:15 +08:00 · 2012-02-22 22:12:15 +08:00 · 4dda424f74
commit 4dda424f74
parent f403c1f18b
3 changed files with 24 additions and 1 deletions
--- a/17
+++ b/17
@ -1,3 +1,20 @@
+2012.55 - Wednesday 22 February 2012
+
+- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
+  made when a command="" authorized_keys restriction was in effect. Possible arbitrary
+  code execution to an authenticated user, and probable bypass of the command="" restriction.
+  CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
+
+- Compile fix, only apply IPV6 socket options if they are available in headers
+  Thanks to Gustavo Zacarias for the patch
+
+- Clear key memory on exit
+
+- Fix minor memory leak in unusual PAM authentication configurations.
+  Thanks to Stathis Voukelatos
+
+- Other small code cleanups
+
 2011.54 - Tuesday 8 November 2011

 - Building statically works again, broke in 0.53 and 0.53.1
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+dropbear (2012.55-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Wed, 22 Feb 2012 22:54:00 +0800
+
 dropbear (2011.54-0.1) unstable; urgency=low

  * New upstream release.
--- a/sysoptions.h
+++ b/sysoptions.h
@ -4,7 +4,7 @@
 *******************************************************************/

 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2011.54"
+#define DROPBEAR_VERSION "2012.55"
 #endif

 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION