diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-04-01 16:07:03 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-01 14:12:31 +0000 |
| commit | dfee865168d41a873c119249a312478c9b519979 (patch) | |
| tree | e3310527d0060aef2ad2265aacb7ddbd258d0505 | |
| parent | a62eb854599050e3737e47bd148682dfd337a5ed (diff) | |
| download | vyos-build-dfee865168d41a873c119249a312478c9b519979.tar.gz vyos-build-dfee865168d41a873c119249a312478c9b519979.zip | |
dropbear: T6195: package upgrade 2022.83-1+deb12u1
Fix CVE-2023-48795: (terrapin attack)
The SSH transport protocol with certain OpenSSH extensions allows remote
attackers to bypass integrity checks such that some packets are omitted (from
the extension negotiation message), and a client and server may consequently
end up with a connection for which some security features have been downgraded
or disabled, aka a Terrapin attack.
(cherry picked from commit b17befe2e4e914f3f604bcfa1843f75519d46a4d)
| -rw-r--r-- | packages/dropbear/Jenkinsfile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile index 1b7947cf..2a449082 100644 --- a/packages/dropbear/Jenkinsfile +++ b/packages/dropbear/Jenkinsfile @@ -1,4 +1,4 @@ -// Copyright (C) 2022-2023 VyOS maintainers and contributors +// Copyright (C) 2022-2024 VyOS maintainers and contributors // // This program is free software; you can redistribute it and/or modify // in order to easy exprort images built to "external" world @@ -21,7 +21,7 @@ def pkgList = [ ['name': 'dropbear', - 'scmCommit': 'debian/2022.83-1', + 'scmCommit': 'debian/2022.83-1+deb12u1', 'scmUrl': 'https://salsa.debian.org/debian/dropbear.git', 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], ] |