The upgrade addresses CVE-2016-3116: - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
References: https://matt.ucc.asn.au/dropbear/CHANGES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116 Signed-off-by: Sona Sarmadi <[email protected]> --- meta/recipes-core/dropbear/dropbear_2015.71.bb | 5 ----- meta/recipes-core/dropbear/dropbear_2016.72.bb | 4 ++++ 2 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear_2015.71.bb create mode 100644 meta/recipes-core/dropbear/dropbear_2016.72.bb diff --git a/meta/recipes-core/dropbear/dropbear_2015.71.bb b/meta/recipes-core/dropbear/dropbear_2015.71.bb deleted file mode 100644 index 6332579..0000000 --- a/meta/recipes-core/dropbear/dropbear_2015.71.bb +++ /dev/null @@ -1,5 +0,0 @@ -require dropbear.inc - -SRC_URI[md5sum] = "2ccc0a2f3e37ca221db12c5af6a88137" -SRC_URI[sha256sum] = "376214169c0e187ee9f48ae1a99b3f835016ad5b98ede4bfd1cf581deba783af" - diff --git a/meta/recipes-core/dropbear/dropbear_2016.72.bb b/meta/recipes-core/dropbear/dropbear_2016.72.bb new file mode 100644 index 0000000..1385efd --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2016.72.bb @@ -0,0 +1,4 @@ +require dropbear.inc + +SRC_URI[md5sum] = "96226b82725a8cbecad9fc738930d1d2" +SRC_URI[sha256sum] = "9323766d3257699fd7d6e7b282c5a65790864ab32fd09ac73ea3d46c9ca2d681" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
