ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-25 21:59:32 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
openwrt/package/network/services/dropbear/patches
History
Hans Dedecker 2211ee0037 dropbear: backport upstream fix for CVE-2018-15599 
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 15:25:26 +02:00
..
010-runtime-maxauthtries.patch
dropbear: server support option '-T' max auth tries
2017-06-28 02:18:20 +02:00
020-Wait-to-fail-invalid-usernames.patch
dropbear: backport upstream fix for CVE-2018-15599
2018-08-24 15:25:26 +02:00
100-pubkey_path.patch
dropbear: backport upstream fix for CVE-2018-15599
2018-08-24 15:25:26 +02:00
110-change_user.patch
dropbear: bump to 2015.68
2015-09-02 11:48:57 +00:00
120-openwrt_options.patch
dropbear: disable MD5 HMAC and switch to sha1 fingerprints
2017-12-12 22:24:17 +01:00
130-ssh_ignore_x_args.patch
dropbear: update to 2016.73
2016-05-13 10:23:52 +02:00
140-disable_assert.patch
dropbear: update to 2016.73
2016-05-13 10:23:52 +02:00
150-dbconvert_standalone.patch
dropbear: bump to 2015.68
2015-09-02 11:48:57 +00:00
160-lto-jobserver.patch
dropbear: compile with LTO enabled
2018-07-13 17:22:53 +02:00
600-allow-blank-root-password.patch
Disable telnet in favor of passwordless SSH
2015-09-07 19:29:25 +00:00
610-skip-default-keys-in-custom-runs.patch
dropbear: server support option '-T' max auth tries
2017-06-28 02:18:20 +02:00