nixpkgs

History

Tobias Geerinckx-Rice 7c84bd121a dropbear: 2016.73 -> 2016.74 Security fixes: - Message printout was vulnerable to format string injection - dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided - dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v Fixes: - Fix port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses. The bug was introduced in 2015.68 - Fix 100% CPU use while waiting for rekey to complete	2016-07-23 21:29:51 +02:00
..
default.nix	dropbear: 2016.73 -> 2016.74	2016-07-23 21:29:51 +02:00
pass-path.patch	dropbear: pass LD_LIBRARY_PATH through	2015-10-18 18:41:11 +03:00

Tobias Geerinckx-Rice 7c84bd121a

dropbear: 2016.73 -> 2016.74

Security fixes:
- Message printout was vulnerable to format string injection
- dropbearconvert import of OpenSSH keys could run arbitrary code
  as the local dropbearconvert user when parsing malicious key
  files
- dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided
- dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

Fixes:
- Fix port forwarding failure when connecting to domains that have
  both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete

2016-07-23 21:29:51 +02:00

default.nix

dropbear: 2016.73 -> 2016.74

2016-07-23 21:29:51 +02:00

pass-path.patch

dropbear: pass LD_LIBRARY_PATH through

2015-10-18 18:41:11 +03:00