Accepted dropbear 2022.83-1+deb12u1 (source) into proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jan 2024 10:01:00 +0100
Source: dropbear
Architecture: source
Version: 2022.83-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1059001
Changes:
dropbear (2022.83-1+deb12u1) bookworm; urgency=medium
.
* Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with
certain OpenSSH extensions allows remote attackers to bypass integrity
checks such that some packets are omitted (from the extension negotiation
message), and a client and server may consequently end up with a
connection for which some security features have been downgraded or
disabled, aka a Terrapin attack. (Closes: #1059001)
Checksums-Sha1:
692f8b276888861da31b2ebf2f54f9c7b8d2b686 2614 dropbear_2022.83-1+deb12u1.dsc
97a18621ae57e9f7aa98ff5a6c0c4e4ce0c01d36 36860 dropbear_2022.83-1+deb12u1.debian.tar.xz
ef4a025fdbdc4ba93629288250f0b520b4afe73b 7504 dropbear_2022.83-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
d629523b1fb44942e9dc611bc00a6513cd0b60dda3a4cd916bae11832a74428a 2614 dropbear_2022.83-1+deb12u1.dsc
6bee1e383176908d5b6de4ccd503260404356b5cded6a78b5a7fa76e8c943e49 36860 dropbear_2022.83-1+deb12u1.debian.tar.xz
d0f7ec56c042101f632d1644249a728e7fda6e1c7af6e0e84060d8ef9d37d279 7504 dropbear_2022.83-1+deb12u1_amd64.buildinfo
Files:
06d68565eccc6fbec29c993295fcdd62 2614 net optional dropbear_2022.83-1+deb12u1.dsc
3c1c408a74a6228f1fb29559533e8e6d 36860 net optional dropbear_2022.83-1+deb12u1.debian.tar.xz
6ea7040c560daf5b2a7fbe151bb87247 7504 net optional dropbear_2022.83-1+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWzdUMACgkQ05pJnDwh
pVL4Aw//Yb2K/pAsrcfUB7ADfNOq0XmBmioxWlq3YUWoHgVkHgJZgxPMe9AkaKE9
6zGZqq/Bxm7zmX5w9D5kZeEDYeIItKLIsNHLJxTvyZeWu0KxprZs22ZcrebomkRJ
J+RfJ7TySAAR/L/cHkM3M+8KAq7JMnhFXHQRjUrcWcXekk/wDn4gg6xVihSqa+wQ
7uaxIAG6eIPiOPPsc7TKmXlE4BhnALeLR89iSm+Iwtm0SBNJy2P+37s0aEq7vegn
5cwqsYfLuymQEiWDMtXVa079NU6aCnlNsTfUDn83LC27RsBjNZdfvW0wY1ecaOze
MTkoXaKi7AICITiMa7VR7trXHgsW1W4azg54h4+IuqmNjv74qN/jIbsINcp1WLJB
uZg+ErAk1iVqVhmQJTHplkCB41HAJ0sNrIJ9OWMZKQUlZs0uDNANV5K8wujaLmGx
ca+WNhqhb3n+903An2SpluzcyKfuFoaF5xBQO84hcY6bi+VWImBB+ou2OSXyZ2yS
2Ih7vN5mt1JwUYMZ0SWcc8QavORnaqon1U2pfFn6Hcd0uRuOpHe64NZA9M0nDFUo
j4qEyO1kCidiRLRJu5aNOber8UaTF8yYjpDx2g4WGIG1ytkoYcEXavLvDmvOmD1X
rDeiKzgzObMuo/NBKRPW7CQtFVL5ozgcrOIG+3jx9O3j3fquRTk=
=YrjU
-----END PGP SIGNATURE-----
Reply to: