Back to dropbear PTS page

Accepted dropbear 2018.76-4 (source amd64 all) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted dropbear 2018.76-4 (source amd64 all) into unstable
From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 24 Aug 2018 13:19:20 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ftBzk-000BPm-NQ@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Aug 2018 14:36:51 +0200
Source: dropbear
Binary: dropbear-bin dropbear-run dropbear-initramfs dropbear
Architecture: source amd64 all
Version: 2018.76-4
Distribution: unstable
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear   - transitional dummy package for dropbear-{run,initramfs}
 dropbear-bin - lightweight SSH2 server and client - command line tools
 dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
 dropbear-run - lightweight SSH2 server and client - startup scripts
Closes: 906890
Changes:
 dropbear (2018.76-4) unstable; urgency=medium
 .
   * Backport security fix for CVE-2018-15599: The recv_msg_userauth_request
     function in svr-auth.c in Dropbear through 2018.76 is prone to a user
     enumeration vulnerability because username validity affects how fields in
     SSH_MSG_USERAUTH messages are handled.  (Closes: #906890.)
     Cherry-picked from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 .
   * debian/control: Bump Standards-Version to 4.2.0 (no changes necessary).
Checksums-Sha1:
 25ef362d883f356c5f968b8c9366b7854ab9e5ea 2397 dropbear_2018.76-4.dsc
 e8c6ef46e21f7b162c55042cf46f825fccf4eaae 25240 dropbear_2018.76-4.debian.tar.xz
 b78357ad6315fe9a767b36bf426d9036f08ae815 1080904 dropbear-bin-dbgsym_2018.76-4_amd64.deb
 ba42d0b837a371e3f2985a6a9bc0e37103c1656c 131124 dropbear-bin_2018.76-4_amd64.deb
 ba18a86cc2c0d422d2ad987e71d52250741b1197 40456 dropbear-initramfs_2018.76-4_all.deb
 4f0d327c9e1d825db39e32695bc7086e2d285015 37568 dropbear-run_2018.76-4_all.deb
 a772057ea4f47d4dccb08a7c23a21b3caa0f9026 35316 dropbear_2018.76-4_all.deb
 8d1218b5d73ebf68352ae7210cfc82a6b0344fab 6858 dropbear_2018.76-4_amd64.buildinfo
Checksums-Sha256:
 82bbb3a2af6fac80f93e8cfb53b379293fba434b69294677de0554e42be75ded 2397 dropbear_2018.76-4.dsc
 87d2aca6976546d64c8ac5dda4f1de88289526643678f9957fadd96bf846c800 25240 dropbear_2018.76-4.debian.tar.xz
 4f18e7a6dfab43802a951b5f53b188b67e0590af3f0208a8ebc6bdaddfa0e2e4 1080904 dropbear-bin-dbgsym_2018.76-4_amd64.deb
 24daa5adab17a34b8b033e1f097336f7ad72cc9d75f3586f03b1f6ef69baa98a 131124 dropbear-bin_2018.76-4_amd64.deb
 fe3036e8b36b56588c71b34613a374fe6787685abacd41ac33f96d5c162f449c 40456 dropbear-initramfs_2018.76-4_all.deb
 ea8ef23dd0c4201c5fb9939554ab72a68a9dad180376febe02bf2142b087f3b3 37568 dropbear-run_2018.76-4_all.deb
 9ab195012ba8e41a39c38e936eff522ecbc91c5856047a57ea893b41b656845e 35316 dropbear_2018.76-4_all.deb
 f17c8949b54b8b219eac220dce39590ff591cd51f029f33eb0eac7462c9583ed 6858 dropbear_2018.76-4_amd64.buildinfo
Files:
 9b7b8976954d30bf9a5d9a8ef7119a18 2397 net optional dropbear_2018.76-4.dsc
 e508bccede1ba78ed92397c3ec5cbdcb 25240 net optional dropbear_2018.76-4.debian.tar.xz
 cabc16e39d352477d5dda984535916a5 1080904 debug optional dropbear-bin-dbgsym_2018.76-4_amd64.deb
 921cd49b9256ff3fdae8a3cdb023eb2a 131124 net optional dropbear-bin_2018.76-4_amd64.deb
 86de09b21c2da6a54001fbdec0f76fbe 40456 net optional dropbear-initramfs_2018.76-4_all.deb
 1b93ab389d51068a3576232a648bda15 37568 net optional dropbear-run_2018.76-4_all.deb
 e9d8298376aa0f8cc1b083984ef00190 35316 oldlibs optional dropbear_2018.76-4_all.deb
 6026fe4cf8054e1afb2ed90f3db21315 6858 net optional dropbear_2018.76-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAlt//f0ACgkQ05pJnDwh
pVLsDg/+NUqoxcJkvFZYi+XSCzzyQ9xzzaXaeNMR0dgJMcJK2JO5C8CeeMLzMbLb
R+TIedxtYQO0yRA+gmJBcRrDAxP+X7hnQa+Ewz5kuBXnejCbQ3X4dr3EHgWqZi2Y
zpA6NCY2Rzi8TvcUDAQpLRwuUBm/ytGHs+N3u3fGbcBrTEQNY72XySeZZV8cPZ94
yHIy4NqnsLpo5SggTG1g1c7iaefH9HRJS5Du+evgGQfNA+wBmG/fMnnfpQR/VgQR
7/pki83t3m787JZCkC63C8AT4H0Vx6mtpJafJtUPco2/uWVfs88DyO0lbA/Rec5+
zkgd0ZE1M7grump3AIvAQGctItKVBk6lv6ekXlbofx7sgGaNKuyntg4QRWYy2vkZ
N03k5sR0pynLhznJ2x07/gHgyjE0+GwHy3kFKDFF2bl4aMyQihN2v29w7e4IxU5R
tHwH8jAK9SHqS0XjmbuK8ft9aPSG9ydZJ6GS9CW5UiDpEVBkBagC9GGHdyMvckGx
6lJNlvdpRXEP1TgyBvDhml9lkP74kmb3MbsmD5E4JNYhsMNkr0P3SJRyW0Yw5kJE
dBaEnKmHX3MBtkfbkf26IDa9u0kyCZt6gH/cSUk7Fi15ZpUGojEkcdXbjuc7ty60
2x0OX1wl4WrKunuOuEr6RDeCiKlN36N6lmMu8WbKmR9NZJyZn6c=
=8Jjr
-----END PGP SIGNATURE-----