File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="845306" tracker="bnc">VUL-0: CVE-2013-4421: dropbear: denial of service and user disclosure fixed in 2013.59</issue>
  <issue id="CVE-2013-4421" tracker="cve" />
  <issue id="CVE-2013-4434" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>thardeck</packager>
  <description>dropbear was updated to version 2013.60 to fix the following bugs:
  * Fix &quot;make install&quot; so that it doesn't always install to /bin and /sbin
  * Fix &quot;make install MULTI=1&quot;, installing manpages failed
  * Fix &quot;make install&quot; when scp is included since it has no manpage
  * Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0: CVE-2013-4421 and CVE-2013-4434

- provided links for download sources
- employed gpg-offline - verify sources 

- imported upstream version 2013.59
  * Fix crash from -J command 
    Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
  * Avoid reading too much from /proc/net/rt_cache since that causes
    system slowness. 
  * Improve EOF handling for half-closed connections
    Thanks to Catalin Patulea
  * Send a banner message to report PAM error messages intended for the user
    Patch from Martin Donnelly
  * Limit the size of decompressed payloads, avoids memory exhaustion denial
    of service 
    Thanks to Logan Lamb for reporting and investigating it
  * Avoid disclosing existence of valid users through inconsistent delays
    Thanks to Logan Lamb for reporting
  * Update config.guess and config.sub for newer architectures
  * Avoid segfault in server for locked accounts
  * &quot;make install&quot; now installs manpages
    dropbearkey.8 has been renamed to dropbearkey.1
    manpage added for dropbearconvert
  * Get rid of one second delay when running non-interactive commands 
</description>
  <summary>update for dropbear</summary>
</patchinfo>