Register | Log in

dropbear

lightweight SSH2 server and client - startup scripts

Choose email to subscribe with

general

source: dropbear (main)
version: 2025.88-1
maintainer: Guilhem Moulin (DMD)
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2018.76-5+deb10u1
o-o-sec: 2018.76-5+deb10u2
oldstable: 2020.81-3+deb11u2
old-sec: 2020.81-3+deb11u3
old-bpo: 2022.83-1+deb12u1~bpo11+1
old-p-u: 2020.81-3+deb11u2
stable: 2022.83-1+deb12u2
testing: 2025.87-1
unstable: 2025.88-1

versioned links

2018.76-5+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.76-5+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.81-3+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2020.81-3+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2022.83-1+deb12u1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2022.83-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2025.87-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2025.88-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dropbear
dropbear-bin (1 bugs: 0, 0, 1, 0)
dropbear-initramfs (1 bugs: 0, 1, 0, 0)

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:01:51
Last run: 2025-05-15T18:03:35.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:01:51
Last run: 2025-05-17T06:52:29.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:07:58
Last run: 2025-05-20T03:32:29.000Z
Previous status: unknown

Created: 2025-05-20 Last update: 2025-05-20 09:34

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-47203: dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

Created: 2025-05-08 Last update: 2025-05-17 21:31

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ab1c21931aec8df6e5f83d4dc4f37f4426e41aa6
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Thu May 8 05:36:43 2025 +0200

    d/changelog: Retroactively mention that 2025.88-1 fixes CVE-2025-47203.
    
    (Missed the CVE ID in the upstream changelog.)
    
    Gbp-Dch: Ignore

Created: 2025-05-08 Last update: 2025-05-18 07:28

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 2025.88-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-05-08 07:32

testing migrations

excuses:
- Migration status for dropbear (2025.87-1 to 2025.88-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 12 of 20 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dropbear.html
- ∙ ∙ autopkgtest for dropbear/2025.88-1: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- ∙ ∙ not blocked: has successful autopkgtest
- Not considered

news

[2025-05-17] Accepted dropbear 2020.81-3+deb11u3 (source) into oldstable-security (Guilhem Moulin)
[2025-05-07] Accepted dropbear 2025.88-1 (source) into unstable (Guilhem Moulin)
[2025-03-24] dropbear 2025.87-1 MIGRATED to testing (Debian testing watch)
[2025-03-05] Accepted dropbear 2025.87-1 (source) into unstable (Guilhem Moulin)
[2025-01-03] dropbear 2024.86-2 MIGRATED to testing (Debian testing watch)
[2025-01-01] Accepted dropbear 2024.86-2 (source) into unstable (Guilhem Moulin)
[2024-10-30] dropbear 2024.86-1 MIGRATED to testing (Debian testing watch)
[2024-10-23] Accepted dropbear 2024.86-1 (source) into unstable (Guilhem Moulin)
[2024-08-16] Accepted dropbear 2020.81-3+deb11u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2024-08-16] Accepted dropbear 2022.83-1+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2024-07-14] dropbear 2024.85-3 MIGRATED to testing (Debian testing watch)
[2024-07-09] Accepted dropbear 2024.85-3 (source) into unstable (Guilhem Moulin)
[2024-06-05] dropbear 2024.85-2 MIGRATED to testing (Debian testing watch)
[2024-06-05] dropbear 2024.85-2 MIGRATED to testing (Debian testing watch)
[2024-06-02] Accepted dropbear 2024.85-2 (source) into unstable (Guilhem Moulin)
[2024-04-28] dropbear 2024.85-1 MIGRATED to testing (Debian testing watch)
[2024-04-26] Accepted dropbear 2024.85-1 (source) into unstable (Guilhem Moulin)
[2024-04-07] dropbear 2024.84-1 MIGRATED to testing (Debian testing watch)
[2024-04-07] dropbear 2024.84-1 MIGRATED to testing (Debian testing watch)
[2024-04-07] dropbear 2024.84-1 MIGRATED to testing (Debian testing watch)
[2024-04-04] Accepted dropbear 2024.84-1 (source) into unstable (Guilhem Moulin)
[2024-02-06] Accepted dropbear 2022.83-1+deb12u1~bpo11+1 (source) into bullseye-backports (Debian FTP Masters) (signed by: Guilhem Moulin)
[2024-02-02] Accepted dropbear 2020.81-3+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2024-01-31] Accepted dropbear 2022.83-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2024-01-28] dropbear 2022.83-4 MIGRATED to testing (Debian testing watch)
[2024-01-25] Accepted dropbear 2022.83-4 (source) into unstable (Guilhem Moulin)
[2023-11-24] dropbear 2022.83-3 MIGRATED to testing (Debian testing watch)
[2023-11-21] Accepted dropbear 2022.83-3 (source) into unstable (Guilhem Moulin)
[2023-06-20] dropbear 2022.83-2 MIGRATED to testing (Debian testing watch)
[2023-06-20] dropbear 2022.83-2 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 2
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2024.86-2
20 bugs (2 patches)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing