CVSROOT:        /cvs
Module name:    ports
Changes by:   2016/09/21 04:06:27

Modified files:
        security/dropbear: Makefile distinfo 

Log message:
update to dropbear-2016.74, fixes include a format string vulnerability
(CVE-2016-7406) and a problem importing malicious OpenSSH keys (CVE-2016-7407)
both of which could result in arbitrary code running as root in some conditions
(though the worst one requires usernames including '%' which is uncommon with
OpenBSD as adduser and useradd reject this, however it is possible by editing
the password file directly). See for
more details.

Reply via email to