summaryrefslogtreecommitdiff
path: root/packages/dropbear
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-04-01 16:07:03 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-04-01 14:12:31 +0000
commitdfee865168d41a873c119249a312478c9b519979 (patch)
treee3310527d0060aef2ad2265aacb7ddbd258d0505 /packages/dropbear
parenta62eb854599050e3737e47bd148682dfd337a5ed (diff)
downloadvyos-build-dfee865168d41a873c119249a312478c9b519979.tar.gz
vyos-build-dfee865168d41a873c119249a312478c9b519979.zip
dropbear: T6195: package upgrade 2022.83-1+deb12u1
Fix CVE-2023-48795: (terrapin attack) The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (cherry picked from commit b17befe2e4e914f3f604bcfa1843f75519d46a4d)
Diffstat (limited to 'packages/dropbear')
-rw-r--r--packages/dropbear/Jenkinsfile4
1 files changed, 2 insertions, 2 deletions
diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile
index 1b7947cf..2a449082 100644
--- a/packages/dropbear/Jenkinsfile
+++ b/packages/dropbear/Jenkinsfile
@@ -1,4 +1,4 @@
-// Copyright (C) 2022-2023 VyOS maintainers and contributors
+// Copyright (C) 2022-2024 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
@@ -21,7 +21,7 @@
def pkgList = [
['name': 'dropbear',
- 'scmCommit': 'debian/2022.83-1',
+ 'scmCommit': 'debian/2022.83-1+deb12u1',
'scmUrl': 'https://salsa.debian.org/debian/dropbear.git',
'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
]