Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | dropbear: bump to 2019.77 | Konstantin Demin | 2019-03-25 | 1 | -221/+0 |
| | | | | | | | | | | | | | - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> | ||||
* | dropbear: backport upstream fix for CVE-2018-15599 | Hans Dedecker | 2018-08-24 | 1 | -0/+221 |
CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> |