Package: dropbear Severity: grave Tags: security Justification: user security hole
>From CVE-2007-1099: dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. This is fixed in 0.49, see http://matt.ucc.asn.au/dropbear/CHANGES Please mention the CVE id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
