Add patch 0001-Fix-authentication-bypass-bug.patch
author gregor herrmann <gregoa@debian.org>
Tue, 17 Jun 2014 17:32:50 +0000 (19:32 +0200)
committer gregor herrmann <gregoa@debian.org>
Tue, 17 Jun 2014 17:32:50 +0000 (19:32 +0200)
commit b541588ee68e8d574cf9086bc8e745c7131204e3
tree fd4a2301986140bfeed46e8ce098dd5bde402322
parent 25c2888e5984fcc17481e27a1b571cc319f4ec56
Add patch 0001-Fix-authentication-bypass-bug.patch

from upstream's iodine-0.6.0 branch.

This fixes a security problem where the client could bypass the password
check by continuing after getting an error from the server and guessing the
network parameters and the server would still accept the rest of the setup
and also network traffic. The patch adds checks for normal and raw mode that
the user has authenticated before allowing any other communication.

Thanks: Salvatore Bonaccorso for the bug report, and Erik Ekman for backporting the fix super fast.
Closes: #751834
debian/patches/0001-Fix-authentication-bypass-bug.patch [new file with mode: 0644]
debian/patches/series
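
The server-side check described in the commit message above, sketched as an added example (not part of this commit and not iodine's code): a hypothetical per-client state machine in which every command other than the version handshake and login is refused, in normal and raw mode alike, until login has succeeded. All identifiers and the 16-byte proof length are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical miniature of a tunnel server's per-client state machine.
 * All names are illustrative; this is not iodine's code. */
enum cmd    { CMD_VERSION, CMD_LOGIN, CMD_IP_REQUEST, CMD_DATA, CMD_RAW_DATA };
enum result { R_OK, R_BAD_LOGIN, R_NO_SESSION, R_NOT_AUTHENTICATED };

#define PROOF_LEN 16  /* assumed length of the login proof */

struct client {
    bool active;        /* slot assigned by the version handshake */
    bool authenticated; /* set only by a successful login */
};

/* Compare login proofs without an early exit on the first mismatch. */
static bool proof_equal(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < PROOF_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

enum result handle_packet(struct client *cl, enum cmd c,
                          const unsigned char *proof,
                          const unsigned char *expected)
{
    switch (c) {
    case CMD_VERSION:   /* a new session always starts unauthenticated */
        cl->active = true;
        cl->authenticated = false;
        return R_OK;
    case CMD_LOGIN:
        if (!cl->active)
            return R_NO_SESSION;
        cl->authenticated = proof && expected && proof_equal(proof, expected);
        return cl->authenticated ? R_OK : R_BAD_LOGIN;
    default:
        /* The gate: every post-login command, in normal and raw mode,
         * is refused unless login succeeded. Returning an error from
         * CMD_LOGIN alone is not enough, because a client can ignore it. */
        if (!cl->active || !cl->authenticated)
            return R_NOT_AUTHENTICATED;
        return R_OK;    /* the packet would be processed here */
    }
}
```

The state is reset on every version handshake, so a client cannot inherit the authenticated flag from a previous session in the same slot.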