Hi Team, do you have any news on this pending security fix? If I can be of any help, please don't hesitate to ask.
Regards, Gerrit.

On Tue, Feb 28, 2012 at 10:13:07AM +0000, Gerrit Pape wrote:
> On Mon, Feb 27, 2012 at 03:54:11PM +0100, Nico Golde wrote:
> > * Gerrit Pape <p...@smarden.org> [2012-02-27 15:48]:
> > > According to upstream's changelog, this also affects squeeze. Are you
> > > already working on that, or shall I prepare an upload to stable?
> >
> > If you have the time to prepare stable updates that would be great, we
> > currently track this in RT as #3643.
> > Please send me the debdiff before uploading.
>
> Hi,
>
> oldstable (0.51-1) is not affected.
> unstable is fixed with version 2012.55-1.
>
> For stable, I backported the fix to 0.52, swiftly checked with upstream
> (thx Matt), and prepared these changes (debdiff attached):
>
> Format: 1.8
> Date: Tue, 28 Feb 2012 09:44:53 +0000
> Source: dropbear
> Binary: dropbear
> Architecture: source
> Version: 0.52-5+squeeze1
> Distribution: stable-security
> Urgency: high
> Maintainer: Gerrit Pape <p...@smarden.org>
> Changed-By: Gerrit Pape <p...@smarden.org>
> Description:
>  dropbear - lightweight SSH2 server and client
> Closes: 661150
> Changes:
>  dropbear (0.52-5+squeeze1) stable-security; urgency=high
>  .
>  * debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff: new:
>    Fix use-after-free bug (CVE-2012-0920) (closes: #661150).
>
> Regards, Gerrit.
> diff -u dropbear-0.52/debian/changelog dropbear-0.52/debian/changelog > --- dropbear-0.52/debian/changelog > +++ dropbear-0.52/debian/changelog > @@ -1,3 +1,10 @@ > +dropbear (0.52-5+squeeze1) stable-security; urgency=high > + > + * debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff: new: > + Fix use-after-free bug (CVE-2012-0920) (closes: #661150). > + > + -- Gerrit Pape <p...@smarden.org> Tue, 28 Feb 2012 09:44:53 +0000 > + > dropbear (0.52-5) unstable; urgency=low > > [ deb...@x.ray.net ] > only in patch2: > unchanged: > --- > dropbear-0.52.orig/debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff > +++ dropbear-0.52/debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff 
> @@ -0,0 +1,35 @@ > +From d46b781361cae7fdbdc50ad5752d47f786f30a2b Mon Sep 17 00:00:00 2001 > +From: Gerrit Pape <p...@smarden.org> > +Date: Mon, 27 Feb 2012 16:33:55 +0000 > +Subject: [PATCH 3/3] Fix use-after-free bug (CVE-2012-0920) > + > +Fix use-after-free bug that could be triggered if command="..." > +authorized_keys restrictions are used. > + > +This is a backport of the upstream fix in version 2012.55 to version > +0.52 > + https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 > +--- > + svr-authpubkeyoptions.c | 6 ++++-- > + 1 files changed, 4 insertions(+), 2 deletions(-) > + > +diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c > +index 13a179d..324eb47 100644 > +--- a/svr-authpubkeyoptions.c > ++++ b/svr-authpubkeyoptions.c > +@@ -90,8 +90,10 @@ int svr_pubkey_allows_pty() { > + > + /* Set chansession command to the one forced by 'command' public key option > */ > + void svr_pubkey_set_forced_command(struct ChanSess *chansess) { > +- if (ses.authstate.pubkey_options) > +- chansess->cmd = ses.authstate.pubkey_options->forced_command; > ++ if (ses.authstate.pubkey_options) { > ++ m_free(chansess->cmd); > ++ chansess->cmd = > m_strdup(ses.authstate.pubkey_options->forced_command); > ++ } > + } > + > + /* Free potential public key options */ > +-- > +1.7.9.1 > +
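
Review bot: In svr_pubkey_set_forced_command() the new block is still guarded only by `ses.authstate.pubkey_options`, so if options are present but `forced_command` is unset, the added `m_free(chansess->cmd)` discards the command the client requested and `m_strdup()` is handed a NULL pointer. Suggest testing `ses.authstate.pubkey_options->forced_command` in the same condition, or stating in the function comment that callers must check for a forced command before calling. The copy itself is the right ownership change: chansess->cmd and pubkey_options->forced_command no longer share one pointer, and it would help to say in the commit message which of the two was being freed while the other was still in use.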