author | Matt Johnston <matt@ucc.asn.au> | 2013-10-16 22:32:31 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2013-10-16 22:32:31 +0800 |
commit | 253cd3b66b1ec49fef3603644e5bb27d758bc7f5 (patch) | |
tree | 80c1865b36c27b2ea7cc0cbb57b2533b63893e2a | |
parent | 920120d05a5b44dba98439994f9eb60485fe91f0 (diff) |
- 2013.60, update CHANGES
- Add CVE references to CHANGES
-rw-r--r-- | CHANGES | 22 |
-rw-r--r-- | sysoptions.h | 2 |
2 files changed, 17 insertions, 7 deletions
@@ -1,3 +1,13 @@ +2013.60 - Wednesday 16 October 2013 + +- Fix "make install" so that it doesn't always install to /bin and /sbin + +- Fix "make install MULTI=1", installing manpages failed + +- Fix "make install" when scp is included since it has no manpage + +- Make --disable-bundled-libtom work + 2013.59 - Friday 4 October 2013 - Fix crash from -J command @@ -14,10 +24,10 @@ - Limit the size of decompressed payloads, avoids memory exhaustion denial of service - Thanks to Logan Lamb for reporting and investigating it + Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 - Avoid disclosing existence of valid users through inconsistent delays - Thanks to Logan Lamb for reporting + Thanks to Logan Lamb for reporting. CVE-2013-4434 - Update config.guess and config.sub for newer architectures @@ -318,7 +328,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly. It will now - exit upon a mismatch. + exit upon a mismatch. CVE-2007-1099 - Compile fixes, make sure that all variable definitions are at the start of a scope. @@ -380,7 +390,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default (thanks to Tomas Vanek for helping track it down) - Implement per-IP pre-authentication connection limits - (after some poking from Pablo Fernandez) + (after some poking from Pablo Fernandez) CVE-2006-1206 - Exit gracefully if trying to connect to as SSH v1 server (reported by Rushi Lala) @@ -401,7 +411,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default - SECURITY: fix for buffer allocation error in server code, could potentially allow authenticated users to gain elevated privileges. All multi-user systems running the server should upgrade (or apply the patch available on the - Dropbear webpage). + Dropbear webpage). CVE-2005-4178 - Fix channel handling code so that redirecting to /dev/null doesn't use 100% CPU. 
@@ -608,7 +618,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default - SECURITY: Don't try to free() uninitialised variables in DSS verification code. Thanks to Arne Bernin for pointing out this bug. This is possibly exploitable, all users with DSS and pubkey-auth compiled in are advised to - upgrade. + upgrade. CVE-2004-2486 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. diff --git a/sysoptions.h b/sysoptions.h index f19608f..f05c4d8 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2013.59" +#define DROPBEAR_VERSION "2013.60" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION |
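Review bot: In the CHANGES hunk at @@ -14,10 +24,10 @@, CVE-2013-4421 and CVE-2013-4434 are attached to the "Thanks to Logan Lamb" credit lines, and neither 2013.59 item carries the "Security:" / "SECURITY:" prefix used by the older entries this patch also touches (the ones now tagged CVE-2007-1099, CVE-2005-4178 and CVE-2004-2486). Anyone scanning CHANGES for that prefix to decide whether to upgrade will miss the decompressed-payload memory exhaustion fix and the inconsistent-delay user disclosure fix. Suggest prefixing both items with "Security:" and putting the CVE id on the description line, keeping the credit on its own line.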
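Review bot: At @@ -380,7 +390,7 @@ in CHANGES, the reference is appended straight after the closing parenthesis of the credit, "(after some poking from Pablo Fernandez) CVE-2006-1206", with no separating punctuation, while the other references added in this patch follow a full stop. The item "Implement per-IP pre-authentication connection limits" also reads as a feature, so the CVE appears without any statement of the issue it addresses. Suggest moving the id onto the description line and adding a short clause naming the problem the limit mitigates.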
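Review bot: In the sysoptions.h hunk, the bump to "2013.60" sits inside "#ifndef DROPBEAR_VERSION", so a build that predefines DROPBEAR_VERSION keeps its own value and the banner assembled by LOCAL_IDENT ("SSH-2.0-dropbear_" DROPBEAR_VERSION) will not match the release named in CHANGES. That matters to anyone using the banner to check whether a host has the 2013.59 fixes tagged with CVEs in this same patch. A one-line comment above the guard stating that overrides are intentional and must be updated per release would document this.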