CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2016/09/21 04:06:27

Modified files:
        security/dropbear: Makefile distinfo 

Log message:
update to dropbear-2016.74, fixes include a format string vulnerability
(CVE-2016-7406) and a problem importing malicious OpenSSH keys (CVE-2016-7407)
both of which could result in arbitrary code running as root in some conditions
(though the worst one requires usernames including '%' which is uncommon with
OpenBSD as adduser and useradd reject this, however it is possible by editing
the password file directly). See https://matt.ucc.asn.au/dropbear/CHANGES for
more details.
