Hi,

On Tue, 19 Dec 2023 at 09:08:00 +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for dropbear.
>
> CVE-2023-48795[0]:
> […]
> Dropbear commit [1] implements the Strict KEX mode as well. In my
> understanding of [2] the issue might be less of a security concern for
> Dropbear itself, not reducing the Dropbear security.

FWIW this has been clarified at https://github.com/mkj/dropbear/issues/270 ,
where dropbear upstream as well as a terrapin author have chimed in.

I've backported the upstream fix to 2022.83 and will propose fixes for
(old)stable via s-pu.

Cheers,
-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply via email to