Debian Package Tracker

From: Guilhem Moulin <guilhem@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted dropbear 2014.65-1+deb8u3 (source) into oldstable
Date: Mon, 27 Aug 2018 13:20:22 +0000
Signed by: Holger Levsen <holger@layer-acht.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Aug 2018 02:52:26 +0200
Source: dropbear
Binary: dropbear
Architecture: source
Version: 2014.65-1+deb8u3
Distribution: jessie-security
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear   - lightweight SSH2 server and client
Closes: 906890
Changes:
 dropbear (2014.65-1+deb8u3) jessie-security; urgency=medium
 .
   * Backport security fix for CVE-2018-15599: The recv_msg_userauth_request
     function in svr-auth.c in Dropbear through 2018.76 is prone to a user
     enumeration vulnerability because username validity affects how fields in
     SSH_MSG_USERAUTH messages are handled.  (Closes: #906890.)
     Adapted from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 .
Checksums-Sha1:
 93ab838b8a56d5a5171ead6316bd94d989e2e52d 1720 dropbear_2014.65-1+deb8u3.dsc
 6761fa87f368d3e17fd2d466897466affc4b9b5d 16296 dropbear_2014.65-1+deb8u3.diff.gz
Checksums-Sha256:
 2ee095aac7bba39644ce96ba9de66a05eb61760b0f4f0a65919d88e66481abab 1720 dropbear_2014.65-1+deb8u3.dsc
 7e527b92aa37dff226f26aba3955676e8357e82d0c05c99b86ff3f6d4752de49 16296 dropbear_2014.65-1+deb8u3.diff.gz
Files:
 26e0a5e9a643047c54b21311178fa2f6 1720 net optional dropbear_2014.65-1+deb8u3.dsc
 8649a0aec15cf216949dd11b8f23daf1 16296 net optional dropbear_2014.65-1+deb8u3.diff.gz

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAluD9osACgkQCRq4Vgaa
qhxMGw/479FSGuYrAuwLDwKQM1bkpdl7CYllecQ5kNz2yRqne6R1uAawToeOVtwN
tyPjnDRoo6k2O+kG7ItZuFUV0NmmbrdvlcLw3tzyzxnT2N3+fOJ1eQFvMnr2TJsb
cTyqKBHxTanD7Z+j8sB4+clBqojqWmrSLcEHhs2OjdwdXhfwuZya0T5SMFhRDY7z
zTRmywEF0iH4JeRd+LYgIxtw/ooD8kuvF08Sg7MrJJYtPD5YULDUG4YzLllTWGiY
GXElSMbdRt9oOHZ1A1YAos3HuKL2BTz+nv/+eRpheKySdvlKl3j7T5jVWBVYMBjV
Nl3Sf0W0nhHycit3GGZXEKhkv0TGTs6I1GsL/4OirvLryo1uYZa4qLL5tjJznw/A
T4jYwMS0wYN0s0yPaHR03LHeeaSxd6+cvgWhvUV6bRmCA9T7OBFDjlIAuHNGy4A9
NcrWDEb6D9XCmpltoJYu70oy9YraR8tg6ygAWgogT7jI7isvk4S2k5BYq7wAIEz8
M0ea+Vy7H5l/kCMHG2oBirlB2F/QJ7nhhNAxrgflclxlyK0c6Lish1VklK8UtPCq
2iYfo9Ha+gl0E8JQ+oW4eLUW4LhkEI03oBhgeAwmJZsKE1vG0i+ETV1dov9j4H6S
ouYlSTYuiLa3jmWIVUp4qa0hsYErz8QLF+zvKFWne7kz4WsXrw==
=pqsZ
-----END PGP SIGNATURE-----

News for package dropbear