Debian Package Tracker

From: Guilhem Moulin <guilhem@guilhem.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted dropbear 2014.65-1+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates
Date: Sat, 08 Apr 2017 15:32:08 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Apr 2017 22:15:20 +0200
Source: dropbear
Binary: dropbear
Architecture: source amd64
Version: 2014.65-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@guilhem.org>
Changed-By: Guilhem Moulin <guilhem@guilhem.org>
Description:
 dropbear   - lightweight SSH2 server and client
Changes:
 dropbear (2014.65-1+deb8u1) stable; urgency=medium
 .
   * New maintainer.
   * Backport security fix from 2016.72: If X11 forwarding is enabled a user
     could bypass any "command=" restrictions in authorized_keys and run any
     command as their own user (CVE-2016-3116).
   * Backport security fixes from 2016.74:
     - Message printout was vulnerable to format string injection
       (CVE-2016-7406).
     - dropbearconvert import of OpenSSH keys could run arbitrary code as the
       local dropbearconvert user when parsing malicious key files
       (CVE-2016-7407).
     - dbclient could run arbitrary code as the local dbclient user if
       particular -m or -c arguments are provided (CVE-2016-7408).
Checksums-Sha1:
 b6bb2ca29e9b7a147246f9e5fa3221574c8548c3 1721 dropbear_2014.65-1+deb8u1.dsc
 2c483f231aa0cbb2818a8c86d431cbba18657906 12974 dropbear_2014.65-1+deb8u1.diff.gz
 be534cce6845457152b0ff3c4f4eb7ae36d961bd 180068 dropbear_2014.65-1+deb8u1_amd64.deb
Checksums-Sha256:
 560d7d41a6a8f6fc59a8feecf534b99c663e6091f9c4ba9f10888992983ec04c 1721 dropbear_2014.65-1+deb8u1.dsc
 233e9340e110bfa49f3ea1d863d1a0a7a94a104d19492de8429091a4e515f2ba 12974 dropbear_2014.65-1+deb8u1.diff.gz
 c3618374670504c995304cac92ac23aef7d03fa4aa7d3c246fef2535a259523b 180068 dropbear_2014.65-1+deb8u1_amd64.deb
Files:
 9dc039b4a50095f49c470e5d7783218b 1721 net optional dropbear_2014.65-1+deb8u1.dsc
 c829d6944ec2323143e913e3248031ce 12974 net optional dropbear_2014.65-1+deb8u1.diff.gz
 3e76f7172a4a9edf5d94575617bdc430 180068 net optional dropbear_2014.65-1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAljkqJEACgkQ05pJnDwh
pVIy5w//aHHE1lVv2MwEerkxSX4tOcUUZUlyA2Whaqy04FhKzIObrF6paAtkCvUf
JWK2TXeduGwpE2JoHiFwdYK7531PqKEQU87j/hrmoFZvQ/lLI7xsSf2fKQaeaCbq
Q2ZHgphGsOpg915xsO5aEXi98x6kVtsqFam0uIsVM9Gtdz0RLK8g7sfQE//wnI00
NGqb94vW9mC/PBPhKzuU2hp3jDtmfVZ9B5LfpkTxwe/5imkBJNztT/inTI5Jkffu
1heDKZbxBZrPT8Fr+9Fv6woLcp8i4qM2z0J5VWFWmiN0YzfKPjWToYfa+jmFy4NU
Z1GHdGf3K97giZNh/avNYjBprGmG3Ojz+up84B3ElinE0qJkADC9QJiwgWdyoFQw
jwgkPV6ydyvUwUdpISJ00LVqhJ4ew9oxXyyz0MQbCKMS1Je7FSZ6SVkbXKoHRHuO
34ssXhe6yZU8GZJsKN5N0m6D0arVYRIkjdZOtlE/nb/vZwAzY/efwgexdF99PZxw
rhqf0jQJXwbj3WZJyvk2yh/iYJFfg0OY7Ug2HnQiGYkgtd4REELM/zZriOO6nSc0
t6aQOChqck2uYFMQ1XS8IRxsyiDGesJFG/ei4Iu9F20uRC5RaMmEMO0QSYFqyyGk
pKz0iX1HupmDuORE3hERBAmEldb6CM9g2N+1d367ncBNdry7nVg=
=bBaF
-----END PGP SIGNATURE-----
News for package dropbear
