* New upstream release.
* Fix use-after-free bug that could be triggered if command="..."
authorized_keys restrictions are used. Could allow arbitrary
code execution or bypass of the command="..." restriction to an
authenticated user. This bug affects releases 0.52 onwards.
Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton
of Mantor Organization for reporting the bug.
-- Gerrit Pape <email address hidden> Mon, 27 Feb 2012 14:18:53 +0000
This bug was fixed in the package dropbear - 2012.55-1
---------------
dropbear (2012.55-1) unstable; urgency=high
* New upstream release.
* Fix use-after-free bug that could be triggered if command="..."
authorized_keys restrictions are used. Could allow arbitrary
code execution or bypass of the command="..." restriction to an
authenticated user. This bug affects releases 0.52 onwards.
Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton
of Mantor Organization for reporting the bug.
-- Gerrit Pape <email address hidden> Mon, 27 Feb 2012 14:18:53 +0000