-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 24 Aug 2018 14:36:51 +0200 Source: dropbear Binary: dropbear-bin dropbear-run dropbear-initramfs dropbear Architecture: source amd64 all Version: 2018.76-4 Distribution: unstable Urgency: medium Maintainer: Guilhem Moulin <guil...@debian.org> Changed-By: Guilhem Moulin <guil...@debian.org> Description: dropbear - transitional dummy package for dropbear-{run,initramfs} dropbear-bin - lightweight SSH2 server and client - command line tools dropbear-initramfs - lightweight SSH2 server and client - initramfs integration dropbear-run - lightweight SSH2 server and client - startup scripts Closes: 906890 Changes: dropbear (2018.76-4) unstable; urgency=medium . * Backport security fix for CVE-2018-15599: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled. (Closes: #906890.) Cherry-picked from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 . * debian/control: Bump Standards-Version to 4.2.0 (no changes necessary). Checksums-Sha1: 25ef362d883f356c5f968b8c9366b7854ab9e5ea 2397 dropbear_2018.76-4.dsc e8c6ef46e21f7b162c55042cf46f825fccf4eaae 25240 dropbear_2018.76-4.debian.tar.xz b78357ad6315fe9a767b36bf426d9036f08ae815 1080904 dropbear-bin-dbgsym_2018.76-4_amd64.deb ba42d0b837a371e3f2985a6a9bc0e37103c1656c 131124 dropbear-bin_2018.76-4_amd64.deb ba18a86cc2c0d422d2ad987e71d52250741b1197 40456 dropbear-initramfs_2018.76-4_all.deb 4f0d327c9e1d825db39e32695bc7086e2d285015 37568 dropbear-run_2018.76-4_all.deb a772057ea4f47d4dccb08a7c23a21b3caa0f9026 35316 dropbear_2018.76-4_all.deb 8d1218b5d73ebf68352ae7210cfc82a6b0344fab 6858 dropbear_2018.76-4_amd64.buildinfo Checksums-Sha256: 82bbb3a2af6fac80f93e8cfb53b379293fba434b69294677de0554e42be75ded 2397 dropbear_2018.76-4.dsc 87d2aca6976546d64c8ac5dda4f1de88289526643678f9957fadd96bf846c800 25240 dropbear_2018.76-4.debian.tar.xz 4f18e7a6dfab43802a951b5f53b188b67e0590af3f0208a8ebc6bdaddfa0e2e4 1080904 dropbear-bin-dbgsym_2018.76-4_amd64.deb 24daa5adab17a34b8b033e1f097336f7ad72cc9d75f3586f03b1f6ef69baa98a 131124 dropbear-bin_2018.76-4_amd64.deb fe3036e8b36b56588c71b34613a374fe6787685abacd41ac33f96d5c162f449c 40456 dropbear-initramfs_2018.76-4_all.deb ea8ef23dd0c4201c5fb9939554ab72a68a9dad180376febe02bf2142b087f3b3 37568 dropbear-run_2018.76-4_all.deb 9ab195012ba8e41a39c38e936eff522ecbc91c5856047a57ea893b41b656845e 35316 dropbear_2018.76-4_all.deb f17c8949b54b8b219eac220dce39590ff591cd51f029f33eb0eac7462c9583ed 6858 dropbear_2018.76-4_amd64.buildinfo Files: 9b7b8976954d30bf9a5d9a8ef7119a18 2397 net optional dropbear_2018.76-4.dsc e508bccede1ba78ed92397c3ec5cbdcb 25240 net optional dropbear_2018.76-4.debian.tar.xz cabc16e39d352477d5dda984535916a5 1080904 debug optional dropbear-bin-dbgsym_2018.76-4_amd64.deb 921cd49b9256ff3fdae8a3cdb023eb2a 131124 net optional dropbear-bin_2018.76-4_amd64.deb 86de09b21c2da6a54001fbdec0f76fbe 40456 net optional dropbear-initramfs_2018.76-4_all.deb 1b93ab389d51068a3576232a648bda15 37568 net optional dropbear-run_2018.76-4_all.deb e9d8298376aa0f8cc1b083984ef00190 35316 oldlibs optional dropbear_2018.76-4_all.deb 6026fe4cf8054e1afb2ed90f3db21315 6858 net optional dropbear_2018.76-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAlt//f0ACgkQ05pJnDwh pVLsDg/+NUqoxcJkvFZYi+XSCzzyQ9xzzaXaeNMR0dgJMcJK2JO5C8CeeMLzMbLb R+TIedxtYQO0yRA+gmJBcRrDAxP+X7hnQa+Ewz5kuBXnejCbQ3X4dr3EHgWqZi2Y zpA6NCY2Rzi8TvcUDAQpLRwuUBm/ytGHs+N3u3fGbcBrTEQNY72XySeZZV8cPZ94 yHIy4NqnsLpo5SggTG1g1c7iaefH9HRJS5Du+evgGQfNA+wBmG/fMnnfpQR/VgQR 7/pki83t3m787JZCkC63C8AT4H0Vx6mtpJafJtUPco2/uWVfs88DyO0lbA/Rec5+ zkgd0ZE1M7grump3AIvAQGctItKVBk6lv6ekXlbofx7sgGaNKuyntg4QRWYy2vkZ N03k5sR0pynLhznJ2x07/gHgyjE0+GwHy3kFKDFF2bl4aMyQihN2v29w7e4IxU5R tHwH8jAK9SHqS0XjmbuK8ft9aPSG9ydZJ6GS9CW5UiDpEVBkBagC9GGHdyMvckGx 6lJNlvdpRXEP1TgyBvDhml9lkP74kmb3MbsmD5E4JNYhsMNkr0P3SJRyW0Yw5kJE dBaEnKmHX3MBtkfbkf26IDa9u0kyCZt6gH/cSUk7Fi15ZpUGojEkcdXbjuc7ty60 2x0OX1wl4WrKunuOuEr6RDeCiKlN36N6lmMu8WbKmR9NZJyZn6c= =8Jjr -----END PGP SIGNATURE-----