add cve and patch link

author: Matt Johnston <matt@ucc.asn.au> 2017-05-20 10:27:29 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2017-05-20 10:27:29 +0800
commit: ea984cfb953fbc75f4287cbce7d5d988c6ccbe37 (patch)
tree: 62d4e6218845d4bf1b14c6c62f21006a7477ef44
parent: f7d38a1b9ccbe6225dcf5959d922b6d073638891 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index b7d55ad..b48638e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@
   dropbear is running with -a (Allow connections to forwarded ports from any host)
   This could potentially allow arbitrary code execution as root by an authenticated user.
   Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
+  CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
 
 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
   Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
@@ -16,6 +17,7 @@
   contents of that file.
   This information disclosure is to an already authenticated user.
   Thanks to Jann Horn of Google Project Zero for reporting this.
+  CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
 
 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
   Thanks to Andrei Gherzan for a patch
author	Matt Johnston <matt@ucc.asn.au>	2017-05-20 10:27:29 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2017-05-20 10:27:29 +0800
commit	ea984cfb953fbc75f4287cbce7d5d988c6ccbe37 (patch)
tree	62d4e6218845d4bf1b14c6c62f21006a7477ef44
parent	f7d38a1b9ccbe6225dcf5959d922b6d073638891 (diff)