Add zarb MLs html archivesHEADmaster

1 files changed, 116 insertions, 0 deletions

diff --git a/zarb-ml/mageia-dev/2012-April/014636.html b/zarb-ml/mageia-dev/2012-April/014636.html
new file mode 100644
index 000000000..9511178f8
--- /dev/null
+++ b/zarb-ml/mageia-dev/2012-April/014636.html
@@ -0,0 +1,116 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] Freeze Push: dropbear
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20Push%3A%20dropbear&In-Reply-To=%3C4F93E0B1.1020205%40colin.guthr.ie%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="014654.html">
+   <LINK REL="Next"  HREF="014672.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] Freeze Push: dropbear</H1>
+    <B>Colin Guthrie</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20Push%3A%20dropbear&In-Reply-To=%3C4F93E0B1.1020205%40colin.guthr.ie%3E"
+       TITLE="[Mageia-dev] Freeze Push: dropbear">mageia at colin.guthr.ie
+       </A><BR>
+    <I>Sun Apr 22 12:42:57 CEST 2012</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="014654.html">[Mageia-dev] microcode needed by default
+</A></li>
+        <LI>Next message: <A HREF="014672.html">[Mageia-dev] Freeze Push: dropbear
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#14636">[ date ]</a>
+              <a href="thread.html#14636">[ thread ]</a>
+              <a href="subject.html#14636">[ subject ]</a>
+              <a href="author.html#14636">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>When adding systemd units to dropbear, I noticed a security problem had
+been announced.
+
+- Security: Fix use-after-free bug that could be triggered if command=&quot;...&quot;
+  authorized_keys restrictions are used.  Could allow arbitrary code
+execution
+  or bypass of the command=&quot;...&quot; restriction to an authenticated user.
+  This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
+  Thanks to Danny Fullerton of Mantor Organization for reporting
+  the bug.
+
+
+Please push.
+
+Note, that dropbear suffers from the same problem as openssh-server when
+pam support is disabled - i.e. all sessions will be killed on service
+restart.
+
+I tried enabling PAM support but this didn't seem to work properly so
+I've left it disabled for now.
+
+I've mentioned the issue on Fedora, so hopefully they'll fix it!
+
+<A HREF="https://bugzilla.redhat.com/show_bug.cgi?id=770251">https://bugzilla.redhat.com/show_bug.cgi?id=770251</A>
+
+
+-- 
+
+Colin Guthrie
+colin(at)mageia.org
+<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
+
+Day Job:
+  Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>
+Open Source:
+  Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A>
+  PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>
+  Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="014654.html">[Mageia-dev] microcode needed by default
+</A></li>
+	<LI>Next message: <A HREF="014672.html">[Mageia-dev] Freeze Push: dropbear
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#14636">[ date ]</a>
+              <a href="thread.html#14636">[ thread ]</a>
+              <a href="subject.html#14636">[ subject ]</a>
+              <a href="author.html#14636">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>