Ubuntu
dropbear package

Merge lp:~jtaylor/ubuntu/lucid/dropbear/2012-0920 into lp:ubuntu/lucid/dropbear

  1. Lucid (10.04)
  2. 2012-0920
  3. Merge into lucid
Proposed by Julian Taylor
Status: Rejected
Rejected by: Martin Pitt
Proposed branch: lp:~jtaylor/ubuntu/lucid/dropbear/2012-0920
Merge into: lp:ubuntu/lucid/dropbear
Diff against target: 71 lines (+47/-1)
3 files modified
debian/changelog (+10/-0)
debian/control (+2/-1)
debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff (+35/-0)
To merge this branch: bzr merge lp:~jtaylor/ubuntu/lucid/dropbear/2012-0920
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Review via email: mp+103384@code.launchpad.net

Description of the change

same patch from squeeze applies

To post a comment you must log in.
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Based on https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging, the lucid update should use 0.52-4ubuntu0.10.04.1 as the version.

review: Approve

Unmerged revisions

14. By Julian Taylor

* SECURITY UPDATE: remote execution via use after free (LP: #976360)
  - debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff
    backported from https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
    Thanks to Gerrit Pape
  - CVE-2012-0920

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2009-10-06 01:51:42 +0000
3+++ debian/changelog 2012-04-24 22:02:23 +0000
4@@ -1,3 +1,13 @@
5+dropbear (0.52-4ubuntu1) lucid-security; urgency=low
6+
7+ * SECURITY UPDATE: remote execution via use after free (LP: #976360)
8+ - debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff
9+ backported from https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
10+ Thanks to Gerrit Pape
11+ - CVE-2012-0920
12+
13+ -- Julian Taylor <jtaylor@ubuntu.com> Tue, 24 Apr 2012 22:54:41 +0200
14+
15 dropbear (0.52-4) unstable; urgency=low
16
17 * debian/initramfs/dropbear-hook: allow more than one public key in
18
19=== modified file 'debian/control'
20--- debian/control 2009-09-24 14:37:17 +0000
21+++ debian/control 2012-04-24 22:02:23 +0000
22@@ -1,7 +1,8 @@
23 Source: dropbear
24 Section: net
25 Priority: optional
26-Maintainer: Gerrit Pape <pape@smarden.org>
27+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
28+XSBC-Original-Maintainer: Gerrit Pape <pape@smarden.org>
29 Build-Depends: libz-dev
30 Standards-Version: 3.8.2.0
31
32
33=== added file 'debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff'
34--- debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff 1970-01-01 00:00:00 +0000
35+++ debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff 2012-04-24 22:02:23 +0000
36@@ -0,0 +1,35 @@
37+From d46b781361cae7fdbdc50ad5752d47f786f30a2b Mon Sep 17 00:00:00 2001
38+From: Gerrit Pape <pape@smarden.org>
39+Date: Mon, 27 Feb 2012 16:33:55 +0000
40+Subject: [PATCH 3/3] Fix use-after-free bug (CVE-2012-0920)
41+
42+Fix use-after-free bug that could be triggered if command="..."
43+authorized_keys restrictions are used.
44+
45+This is a backport of the upstream fix in version 2012.55 to version
46+0.52
47+ https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
48+---
49+ svr-authpubkeyoptions.c | 6 ++++--
50+ 1 files changed, 4 insertions(+), 2 deletions(-)
51+
52+diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
53+index 13a179d..324eb47 100644
54+--- a/svr-authpubkeyoptions.c
55++++ b/svr-authpubkeyoptions.c
56+@@ -90,8 +90,10 @@ int svr_pubkey_allows_pty() {
57+
58+ /* Set chansession command to the one forced by 'command' public key option */
59+ void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
60+- if (ses.authstate.pubkey_options)
61+- chansess->cmd = ses.authstate.pubkey_options->forced_command;
62++ if (ses.authstate.pubkey_options) {
63++ m_free(chansess->cmd);
64++ chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
65++ }
66+ }
67+
68+ /* Free potential public key options */
69+--
70+1.7.9.1
71+

Subscribers

People subscribed via source and target branches

to all changes: