-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 27 Feb 2012 14:18:53 +0000 Source: dropbear Binary: dropbear Architecture: source powerpc Version: 2012.55-1 Distribution: unstable Urgency: high Maintainer: Gerrit Pape <pape@smarden.org> Changed-By: Gerrit Pape <pape@smarden.org> Description: dropbear - lightweight SSH2 server and client Closes: 661150 Changes: dropbear (2012.55-1) unstable; urgency=high . * New upstream release. * Fix use-after-free bug that could be triggered if command="..." authorized_keys restrictions are used. Could allow arbitrary code execution or bypass of the command="..." restriction to an authenticated user. This bug affects releases 0.52 onwards. Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton of Mantor Organization for reporting the bug. Checksums-Sha1: 5aed0f223e6f5b7d89d2e9dd62e40e7d47fd2c9f 1000 dropbear_2012.55-1.dsc 2c65dd1f423884a38079f5e4386c698015222279 1774927 dropbear_2012.55.orig.tar.gz eb6b94e3f760c5ffbee895ca09667ac676c8cf77 6248 dropbear_2012.55-1.diff.gz 2e76a2c22790b1759084de075731569a3f3b4d16 268548 dropbear_2012.55-1_powerpc.deb Checksums-Sha256: 75facc6fc7bac99a6376f0e1425f9e3bbc7f47874731a71918153e719c149e3d 1000 dropbear_2012.55-1.dsc 808df243c61bb60f2f18fa64bca628cbba0918b2a14139f10e6d59d4ac5a17ce 1774927 dropbear_2012.55.orig.tar.gz 5322be7b2b8643724c9828fdaa7a26bf7728b7da08a244a9690f7b68c33f3ad6 6248 dropbear_2012.55-1.diff.gz 8f5982d27116a5a19d61ef6a6f8c46f964cadd8f7b19d4e36ac6a7a3d08057b0 268548 dropbear_2012.55-1_powerpc.deb Files: 9d128c4ae3294cd74c105320550dd5e9 1000 net optional dropbear_2012.55-1.dsc 44836e5a0419ba12557f9ea46880077e 1774927 net optional dropbear_2012.55.orig.tar.gz 30bdd46c9e4bac9a7784057127188207 6248 net optional dropbear_2012.55-1.diff.gz 89e93b8fc62e09c4fd96a9251d4d1b69 268548 net optional dropbear_2012.55-1_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk9LlxIACgkQGJoyQbxwpv/VsgCfRWfNuJE6RUsrdNiM5GlAZPIZ 5/MAnjxll79GmxnlgS4g7sZDI6Z8WBWS =Yc0b -----END PGP SIGNATURE----- Accepted: dropbear_2012.55-1.diff.gz to main/d/dropbear/dropbear_2012.55-1.diff.gz dropbear_2012.55-1.dsc to main/d/dropbear/dropbear_2012.55-1.dsc dropbear_2012.55-1_powerpc.deb to main/d/dropbear/dropbear_2012.55-1_powerpc.deb dropbear_2012.55.orig.tar.gz to main/d/dropbear/dropbear_2012.55.orig.tar.gz