-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Jan 2024 10:01:00 +0100 Source: dropbear Architecture: source Version: 2022.83-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Guilhem Moulin <guilhem@debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1059001 Changes: dropbear (2022.83-1+deb12u1) bookworm; urgency=medium . * Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (Closes: #1059001) Checksums-Sha1: 692f8b276888861da31b2ebf2f54f9c7b8d2b686 2614 dropbear_2022.83-1+deb12u1.dsc 97a18621ae57e9f7aa98ff5a6c0c4e4ce0c01d36 36860 dropbear_2022.83-1+deb12u1.debian.tar.xz ef4a025fdbdc4ba93629288250f0b520b4afe73b 7504 dropbear_2022.83-1+deb12u1_amd64.buildinfo Checksums-Sha256: d629523b1fb44942e9dc611bc00a6513cd0b60dda3a4cd916bae11832a74428a 2614 dropbear_2022.83-1+deb12u1.dsc 6bee1e383176908d5b6de4ccd503260404356b5cded6a78b5a7fa76e8c943e49 36860 dropbear_2022.83-1+deb12u1.debian.tar.xz d0f7ec56c042101f632d1644249a728e7fda6e1c7af6e0e84060d8ef9d37d279 7504 dropbear_2022.83-1+deb12u1_amd64.buildinfo Files: 06d68565eccc6fbec29c993295fcdd62 2614 net optional dropbear_2022.83-1+deb12u1.dsc 3c1c408a74a6228f1fb29559533e8e6d 36860 net optional dropbear_2022.83-1+deb12u1.debian.tar.xz 6ea7040c560daf5b2a7fbe151bb87247 7504 net optional dropbear_2022.83-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWzdUMACgkQ05pJnDwh pVL4Aw//Yb2K/pAsrcfUB7ADfNOq0XmBmioxWlq3YUWoHgVkHgJZgxPMe9AkaKE9 6zGZqq/Bxm7zmX5w9D5kZeEDYeIItKLIsNHLJxTvyZeWu0KxprZs22ZcrebomkRJ J+RfJ7TySAAR/L/cHkM3M+8KAq7JMnhFXHQRjUrcWcXekk/wDn4gg6xVihSqa+wQ 7uaxIAG6eIPiOPPsc7TKmXlE4BhnALeLR89iSm+Iwtm0SBNJy2P+37s0aEq7vegn 5cwqsYfLuymQEiWDMtXVa079NU6aCnlNsTfUDn83LC27RsBjNZdfvW0wY1ecaOze MTkoXaKi7AICITiMa7VR7trXHgsW1W4azg54h4+IuqmNjv74qN/jIbsINcp1WLJB uZg+ErAk1iVqVhmQJTHplkCB41HAJ0sNrIJ9OWMZKQUlZs0uDNANV5K8wujaLmGx ca+WNhqhb3n+903An2SpluzcyKfuFoaF5xBQO84hcY6bi+VWImBB+ou2OSXyZ2yS 2Ih7vN5mt1JwUYMZ0SWcc8QavORnaqon1U2pfFn6Hcd0uRuOpHe64NZA9M0nDFUo j4qEyO1kCidiRLRJu5aNOber8UaTF8yYjpDx2g4WGIG1ytkoYcEXavLvDmvOmD1X rDeiKzgzObMuo/NBKRPW7CQtFVL5ozgcrOIG+3jx9O3j3fquRTk= =YrjU -----END PGP SIGNATURE-----
