Your message dated Sat, 06 Aug 2022 17:17:27 +0000
with message-id <[email protected]>
and subject line Bug#1009062: fixed in dropbear 2018.76-5+deb10u1
has caused the Debian Bug report #1009062,
regarding CVE-2019-12953: inconsistent failure delay that may lead to revealing
valid usernames
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1009062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009062
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dropbear
Version: 2011.54-1
Severity: important
Tags: security
Control: found -1 2016.74-5+deb9u1
Control: found -1 2018.76-5
Control: fixed -1 2019.78-1

CVE-2019-12953: Dropbear 2011.54 through 2018.76 has an inconsistent
failure delay that may lead to revealing valid usernames. This is a
different issue than CVE-2018-15599.

Upstream fix: https://hg.ucc.asn.au/dropbear/rev/228b086794b7 .
--
Guilhem.
--- End Message ---
--- Begin Message ---
Source: dropbear
Source-Version: 2018.76-5+deb10u1
Done: Guilhem Moulin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dropbear, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated dropbear package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 Apr 2022 20:54:24 +0200
Source: dropbear
Architecture: source
Version: 2018.76-5+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Guilhem Moulin <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1009062
Changes:
 dropbear (2018.76-5+deb10u1) buster; urgency=medium
 .
   * Backport security fix for CVE-2019-12953: Inconsistent failure delay that
     may lead to revealing valid usernames. The fix limits password length to
     100 bytes. (Closes: #1009062.)
     Cherry-picked from https://hg.ucc.asn.au/dropbear/rev/228b086794b7 .
   * d/gbp.conf: Set debian-branch = debian/buster.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---