projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8fdedb8)
dropbear: bump version
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 4 Oct 2013 14:54:40 +0000 (16:54 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 4 Oct 2013 14:54:40 +0000 (16:54 +0200)
Fixes two security issues:

- The Dropbear server could be made to consume large amounts
of memory because decompressed packet sizes weren't checked.
Depending on the OS and hardware this might be a denial of
service.

- Valid users could be identified due to timing variations.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/dropbear/dropbear.mk patch | blob | history

diff --git a/package/dropbear/dropbear.mk b/package/dropbear/dropbear.mk
index 34dd79b5f34259e156a146b3b5681804bb7dec34..c4372ca91836d01e3ca02c60dba1657095849a8c 100644 (file)
--- a/package/dropbear/dropbear.mk
+++ b/package/dropbear/dropbear.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DROPBEAR_VERSION = 2013.58
+DROPBEAR_VERSION = 2013.59
 DROPBEAR_SITE = http://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
 DROPBEAR_TARGET_BINS = dbclient dropbearkey dropbearconvert scp ssh