./security/dropbear [small SSH server and client]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 2017.75, Package name: dropbear-2017.75
Maintained by: The OpenBSD ports mailing-list
Master sites:
Description
Dropbear is a relatively small SSH server and client, often found
in small environments such as routers and wireless access points.


Filesize: 1585.344 KB
Version History (View Complete History)
  • (2017-05-23) Updated to version: dropbear-2017.75
  • (2016-09-21) Updated to version: dropbear-2016.74
  • (2016-04-07) Package added to openports.se, version dropbear-2016.73 (created)
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2017-05-23 07:44:13 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to dropbear-2017.75
CVE-2017-9078: double-free in server TCP listener cleanup
CVE-2017-9079: information disclosure with ~/.ssh/authorized_keys symlink.
   2017-05-23 07:44:13 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to dropbear-2017.75
CVE-2017-9078: double-free in server TCP listener cleanup
CVE-2017-9079: information disclosure with ~/.ssh/authorized_keys symlink.
   2016-09-21 04:06:27 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to dropbear-2016.74, fixes include a format string vulnerability
(CVE-2016-7406) and a problem importing malicious OpenSSH keys (CVE-2016-7407)
both of which could result in arbitrary code running as root in some conditions
(though the worst one requires usernames including '%' which is uncommon with
OpenBSD as adduser and useradd reject this, however it is possible by editing
the password file directly). See https://matt.ucc.asn.au/dropbear/CHANGES for
more details.
   2016-09-21 04:06:27 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to dropbear-2016.74, fixes include a format string vulnerability
(CVE-2016-7406) and a problem importing malicious OpenSSH keys (CVE-2016-7407)
both of which could result in arbitrary code running as root in some conditions
(though the worst one requires usernames including '%' which is uncommon with
OpenBSD as adduser and useradd reject this, however it is possible by editing
the password file directly). See https://matt.ucc.asn.au/dropbear/CHANGES for
more details.