1
=== modified file 'debian/changelog'
2
--- debian/changelog	2009-10-06 01:51:42 +0000
3
+++ debian/changelog	2012-04-24 22:02:23 +0000
4
@@ -1,3 +1,13 @@
5
1
dropbear (0.52-4ubuntu1) lucid-security; urgency=low
6
2
7
3
  * SECURITY UPDATE: remote execution via use after free (LP: #976360)
8
4
    - debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff
9
5
      backported from https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
10
6
      Thanks to Gerrit Pape
11
7
    - CVE-2012-0920
12
8
13
9
 -- Julian Taylor <jtaylor@ubuntu.com>  Tue, 24 Apr 2012 22:54:41 +0200
14
10
15
1
dropbear (0.52-4) unstable; urgency=low
11
dropbear (0.52-4) unstable; urgency=low
16
2
12
17
3
  * debian/initramfs/dropbear-hook: allow more than one public key in
13
  * debian/initramfs/dropbear-hook: allow more than one public key in
18
4
14
19
=== modified file 'debian/control'
20
--- debian/control	2009-09-24 14:37:17 +0000
21
+++ debian/control	2012-04-24 22:02:23 +0000
22
@@ -1,7 +1,8 @@
23
1
Source: dropbear
1
Source: dropbear
24
2
Section: net
2
Section: net
25
3
Priority: optional
3
Priority: optional
27
4
Maintainer: Gerrit Pape <pape@smarden.org>
4
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
28
5
XSBC-Original-Maintainer: Gerrit Pape <pape@smarden.org>
29
5
Build-Depends: libz-dev
6
Build-Depends: libz-dev
30
6
Standards-Version: 3.8.2.0
7
Standards-Version: 3.8.2.0
31
7
8
32
8
9
33
=== added file 'debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff'
34
--- debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff	1970-01-01 00:00:00 +0000
35
+++ debian/diff/0003-Fix-use-after-free-bug-CVE-2012-0920.diff	2012-04-24 22:02:23 +0000
36
@@ -0,0 +1,35 @@
37
1
From d46b781361cae7fdbdc50ad5752d47f786f30a2b Mon Sep 17 00:00:00 2001
38
2
From: Gerrit Pape <pape@smarden.org>
39
3
Date: Mon, 27 Feb 2012 16:33:55 +0000
40
4
Subject: [PATCH 3/3] Fix use-after-free bug (CVE-2012-0920)
41
5
42
6
Fix use-after-free bug that could be triggered if command="..."
43
7
authorized_keys restrictions are used.
44
8
45
9
This is a backport of the upstream fix in version 2012.55 to version
46
10
0.52
47
11
 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
48
12
---
49
13
 svr-authpubkeyoptions.c |    6 ++++--
50
14
 1 files changed, 4 insertions(+), 2 deletions(-)
51
15
52
16
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
53
17
index 13a179d..324eb47 100644
54
18
--- a/svr-authpubkeyoptions.c
55
19
+++ b/svr-authpubkeyoptions.c
56
20
@@ -90,8 +90,10 @@ int svr_pubkey_allows_pty() {
57
21
 
58
22
 /* Set chansession command to the one forced by 'command' public key option */
59
23
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
60
24
-	if (ses.authstate.pubkey_options)
61
25
-		chansess->cmd = ses.authstate.pubkey_options->forced_command;
62
26
+	if (ses.authstate.pubkey_options) {
63
27
+		m_free(chansess->cmd);
64
28
+		chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
65
29
+	}
66
30
 }
67
31
 
68
32
 /* Free potential public key options */
69
33
-- 
70
34
1.7.9.1
71
35
Reviewer	Review Type	Date Requested	Status
Jamie Strandboge		2012-04-24	Approve on 2012-04-26
Review via email: mp+103384@code.launchpad.net