Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 7c84bd121a1b6c38092d4f98f29cdadba050b4db https://github.com/NixOS/nixpkgs/commit/7c84bd121a1b6c38092d4f98f29cdadba050b4db Author: Tobias Geerinckx-Rice <m...@tobias.gr> Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M pkgs/tools/networking/dropbear/default.nix Log Message: ----------- dropbear: 2016.73 -> 2016.74 Security fixes: - Message printout was vulnerable to format string injection - dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided - dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v Fixes: - Fix port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses. The bug was introduced in 2015.68 - Fix 100% CPU use while waiting for rekey to complete
_______________________________________________ nix-commits mailing list nix-comm...@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-commits