On 9/14/16 5:34 AM, Sona Sarmadi wrote: > The upgrade addresses CVE-2016-3116: > > - Validate X11 forwarding input. Could allow bypass of > authorized_keys command= restrictions, > found by github.com/tintinweb. > Thanks for Damien Miller for a patch. CVE-2016-3116
thanks, I will pull this into my local staging to build. There is a krogoth-next YP build underway I don't want to stop. regards, Armin > > References: > https://matt.ucc.asn.au/dropbear/CHANGES > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116 > > Signed-off-by: Sona Sarmadi <[email protected]> > --- > meta/recipes-core/dropbear/dropbear_2015.71.bb | 5 ----- > meta/recipes-core/dropbear/dropbear_2016.72.bb | 4 ++++ > 2 files changed, 4 insertions(+), 5 deletions(-) > delete mode 100644 meta/recipes-core/dropbear/dropbear_2015.71.bb > create mode 100644 meta/recipes-core/dropbear/dropbear_2016.72.bb > > diff --git a/meta/recipes-core/dropbear/dropbear_2015.71.bb > b/meta/recipes-core/dropbear/dropbear_2015.71.bb > deleted file mode 100644 > index 6332579..0000000 > --- a/meta/recipes-core/dropbear/dropbear_2015.71.bb > +++ /dev/null > @@ -1,5 +0,0 @@ > -require dropbear.inc > - > -SRC_URI[md5sum] = "2ccc0a2f3e37ca221db12c5af6a88137" > -SRC_URI[sha256sum] = > "376214169c0e187ee9f48ae1a99b3f835016ad5b98ede4bfd1cf581deba783af" > - > diff --git a/meta/recipes-core/dropbear/dropbear_2016.72.bb > b/meta/recipes-core/dropbear/dropbear_2016.72.bb > new file mode 100644 > index 0000000..1385efd > --- /dev/null > +++ b/meta/recipes-core/dropbear/dropbear_2016.72.bb > @@ -0,0 +1,4 @@ > +require dropbear.inc > + > +SRC_URI[md5sum] = "96226b82725a8cbecad9fc738930d1d2" > +SRC_URI[sha256sum] = > "9323766d3257699fd7d6e7b282c5a65790864ab32fd09ac73ea3d46c9ca2d681" -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
