git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
dropbear: patch CVE-2025-47203
author Peter Marko <peter.marko@siemens.com>
Sat, 26 Jul 2025 09:21:48 +0000 (11:21 +0200)
committer Steve Sakoman <steve@sakoman.com>
Mon, 28 Jul 2025 15:00:54 +0000 (08:00 -0700)
commit 91eeffaf14917c7c994a8de794b915231e69c5d6
tree 4aa132852cb66e4e5f8e40603f7c5575d86ba20e
parent 277b5ec3c0212ca8600dd89d0a33f784a060131f

CVE patch [1] as mentioned in [2] relies on several patches not yet
available in version 2020.81 we have in kirkstone.
The good folks from Debian did the hard work identifying them as they
have the same version in bullseye release.
The commits were picked from [3] and they have their references to
dropbear upstream commits.

[1] https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b
[2] https://security-tracker.debian.org/tracker/CVE-2025-47203
[3] https://salsa.debian.org/debian/dropbear/-/commit/7f48e75892c40cfc6336137d62581d2c4ca7d84c

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/dropbear/dropbear.inc
meta/recipes-core/dropbear/dropbear/0001-Add-m_snprintf-that-won-t-return-negative.patch [new file with mode: 0644]
meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch [new file with mode: 0644]
meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch [new file with mode: 0644]