Hi, On Tue, 19 Dec 2023 at 09:08:00 +0100, Salvatore Bonaccorso wrote: > The following vulnerability was published for dropbear. > > CVE-2023-48795[0]: > […] > Dropbear commit [1] implements the Strict KEX mode as well. In my > understanding of [2] the issue might be less of a security concern for > Dropbear itself, not reducing the Dropbear security.
FWIW this has been clarified at https://github.com/mkj/dropbear/issues/270 , where dropbear upstream as well as a terrapin author have chimed in. I've backported the upstream fix to 2022.83 and will propose fixes for (old)stable via s-pu. Cheers, -- Guilhem.
signature.asc
Description: PGP signature

