Accepted dropbear 2016.74-5+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Aug 2018 02:08:38 +0200
Source: dropbear
Binary: dropbear-bin dropbear-run dropbear-initramfs dropbear
Architecture: source amd64 all
Version: 2016.74-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
dropbear - transitional dummy package for dropbear-{run,initramfs}
dropbear-bin - lightweight SSH2 server and client - command line tools
dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
dropbear-run - lightweight SSH2 server and client - startup scripts
Closes: 906890
Changes:
dropbear (2016.74-5+deb9u1) stretch; urgency=medium
.
* Backport security fix for CVE-2018-15599: The recv_msg_userauth_request
function in svr-auth.c in Dropbear through 2018.76 is prone to a user
enumeration vulnerability because username validity affects how fields in
SSH_MSG_USERAUTH messages are handled. (Closes: #906890.)
Adapted from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 .
Checksums-Sha1:
a7502ff8ada889bfbcf4fc99f44a057fbff96e32 2162 dropbear_2016.74-5+deb9u1.dsc
a4fecfe804057902b8597c549de3e25629643253 24276 dropbear_2016.74-5+deb9u1.debian.tar.xz
4e8229e67f1b956e4a3c334428a17e38dad84c05 1251362 dropbear-bin-dbgsym_2016.74-5+deb9u1_amd64.deb
5c27275a9cc1f9a86d444370e20621652dd6bdb1 183412 dropbear-bin_2016.74-5+deb9u1_amd64.deb
25b4e759b5878e3220ffc4abb486f5bacee9e987 36788 dropbear-initramfs_2016.74-5+deb9u1_all.deb
440b0dea687a86c2397991f96c957afee5039ea6 34364 dropbear-run_2016.74-5+deb9u1_all.deb
3798596fcb364de26f9999fd751b4a9ea1d2e385 32056 dropbear_2016.74-5+deb9u1_all.deb
0b1f0ab23c76d330380cdddabe1de77d56e5af67 7059 dropbear_2016.74-5+deb9u1_amd64.buildinfo
Checksums-Sha256:
f34cfc94f0686d4b2df1d440336b0db314a886f630a428944edc4d422492882d 2162 dropbear_2016.74-5+deb9u1.dsc
157ccb0a7cde208462eab99cf246347127c7eac6d0ea571e27434819c43bba83 24276 dropbear_2016.74-5+deb9u1.debian.tar.xz
0647253204fd0f0a255a560ddb602794d723259eea77e40dbd564c901c316444 1251362 dropbear-bin-dbgsym_2016.74-5+deb9u1_amd64.deb
f0e9537024ad1d18752a7f6f7ba8b83080b0c30317a0a15bf712584b9d50b06e 183412 dropbear-bin_2016.74-5+deb9u1_amd64.deb
5dd8db8d5ae4d1d522317ba10754519cd9247941492ab8f446af9b3f8957b920 36788 dropbear-initramfs_2016.74-5+deb9u1_all.deb
c5650388ca28777d46682db6c61dd35dc3ddf48dd1469a22db1e0edf2b5dff09 34364 dropbear-run_2016.74-5+deb9u1_all.deb
243b874a9a9b540d433c64cf3ea8686d085a77db9a5a32dc8cc7f1f3b0d161e4 32056 dropbear_2016.74-5+deb9u1_all.deb
0bffcc3c9a14455f5570b3d9fa0434398c75528e74069d98abbb39ac21e327bc 7059 dropbear_2016.74-5+deb9u1_amd64.buildinfo
Files:
5f34210dea3f86f218f6fc7f814ae0f6 2162 net optional dropbear_2016.74-5+deb9u1.dsc
08aa7943af904ccdb9afa8202c20dbf0 24276 net optional dropbear_2016.74-5+deb9u1.debian.tar.xz
a40bd9af7b9df69360774faddc191fa7 1251362 debug extra dropbear-bin-dbgsym_2016.74-5+deb9u1_amd64.deb
058577019f26707fe7115beaad5e526a 183412 net optional dropbear-bin_2016.74-5+deb9u1_amd64.deb
44acfcf15dfdc232a6feaa2f4f8cdca2 36788 net optional dropbear-initramfs_2016.74-5+deb9u1_all.deb
9bda9019289ccee1e3bf588446d1f229 34364 net optional dropbear-run_2016.74-5+deb9u1_all.deb
c24b67cc4d3a2c3185301de2674b63d6 32056 oldlibs extra dropbear_2016.74-5+deb9u1_all.deb
9b317cdfb8437ec88e9262efcc51af40 7059 net optional dropbear_2016.74-5+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAluFoTMACgkQ05pJnDwh
pVIMmhAAgoZee5eLcUsbinZMfF7LPBTT6nbCTHrIFoIxV0Rl+KxSqsWOXElTa80P
puXu8V685MmHNZdPe5WP/CB26Mp3oUz5hZ0p3nglb0Z/3KOpE89E+aiDbtZBcSXA
QBMznVgmkg+wfg0qrFUk2QDykMaCs2CkBVQMthaaPdRj4fCIyPU5r7SL0BfnwZz9
EvTyf7tMxRm+qjPSYdvhbJ7ox6fVpJDc3+TF/I6kh6YMvcJNZoWbQtD5DeD4v5nh
JMYvRlxmpXbNaiho+rD7RjpAQwhIqFIGnsw7KxMrKtIrjpf9Th7B35V9JbAmgn7Q
XWe3soUisUO5YdMypxpKxRe0pXRaw1LLDJCM1pE3MkpSN6AK1kYs6tQqrd47PRb/
jCuuJMqBGiqk+kursn0dKKgMZoXBw6UN2EiHrgxv9tv2s37CBbw3/QuQX6g9cZSG
KHwB0dXsUvkxF7e89WoO91ZHpKlAJGExo90MgPJgeeqdWFrpbm0Ohj+SIbY8+6CW
SYAEZVjbXhQgI0yen69+6A7NMj6b4Dn8yz0d9gZM043m0HDk6w3hK5Gg6EWIyfAb
wf8X87XeSsAW6mSaszs/HhJoxxJDVYlBqeP38kyQx51UCDifH4jAaLS9Mbmf8FRY
7Z2t4SpZ9Qk+ZmxDF2w+gwPEUlYulDoL+NSdVURro6iYEf5B+oc=
=0qYG
-----END PGP SIGNATURE-----