[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted dropbear 2012.55-1.3+deb7u2 (source amd64) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 May 2017 20:49:16 +0200
Source: dropbear
Binary: dropbear
Architecture: source amd64
Version: 2012.55-1.3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear   - lightweight SSH2 server and client
Changes:
 dropbear (2012.55-1.3+deb7u2) wheezy-security; urgency=high
 .
   * Backport fix for CVE-2017-9079 from 2017.75: information disclosure with
     ~/.ssh/authorized_keys symlink.
     Dropbear parsed authorized_keys as root, even if it were a symlink. The
     fix is to switch to user permissions when opening authorized_keys A user
     could symlink their ~/.ssh/authorized_keys to a root-owned file they
     couldn't normally read. If they managed to get that file to contain valid
     authorized_keys with command= options it might be possible to read other
     contents of that file.
     This information disclosure is to an already authenticated user.
Checksums-Sha1:
 6564c271fcf0f927c89975203f5bbc4fb5289464 1832 dropbear_2012.55-1.3+deb7u2.dsc
 2c65dd1f423884a38079f5e4386c698015222279 1774927 dropbear_2012.55.orig.tar.gz
 16b185cf8aaac243c9a3cd2b470e379c9d4f6f7b 26969 dropbear_2012.55-1.3+deb7u2.debian.tar.gz
 bafc61cd06e1fe9807e31941a59bf28a0a7ac468 283008 dropbear_2012.55-1.3+deb7u2_amd64.deb
Checksums-Sha256:
 6a7e95e08e4ebf0e6b376c2180dae5669a744fd14e242f9f7b3076e7bd2274df 1832 dropbear_2012.55-1.3+deb7u2.dsc
 808df243c61bb60f2f18fa64bca628cbba0918b2a14139f10e6d59d4ac5a17ce 1774927 dropbear_2012.55.orig.tar.gz
 88340ec78d89003aef894b6ec54f1a6d265aeeb76f3b7a016f037c0fecf094b3 26969 dropbear_2012.55-1.3+deb7u2.debian.tar.gz
 791994380e198ec956dd3fa76116fed302774f1bfdb09921a9a0fb99cc001263 283008 dropbear_2012.55-1.3+deb7u2_amd64.deb
Files:
 0151f9466277e000731c984a70e60444 1832 net optional dropbear_2012.55-1.3+deb7u2.dsc
 44836e5a0419ba12557f9ea46880077e 1774927 net optional dropbear_2012.55.orig.tar.gz
 a55614cdad8a8a35e2f22d086562235c 26969 net optional dropbear_2012.55-1.3+deb7u2.debian.tar.gz
 8b0596e81bbaed1c11df292b6bf13901 283008 net optional dropbear_2012.55-1.3+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlkhzq5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeYxg/+PBN5FWibUqkFcrNpIDCHsKK6Njyr/M6t843LneKeU3XkpdhC3SVsENvW
cFr2Gp4ikz8+XB2n5UCrii9CDXi2/pVrXYayJzv0QCdOT0tFzUlWXGPppsGscU2/
lZfgiAW9Nk1KYQ90WHi0+s4D9h0jvyKBYTxXJvhEKsTxQqs3VOUbjH0VUSmszWyH
lACCqa8lvAuvTb1oogwloUOylzvtZ/nqwrm7buAS0TLx6dGt22oC5dhQfXQws131
B8yK4dA8x7jW35+sbDpvrZ3JIOnJNfcrWIZQd+GTPci8QR+G5dO1xBdoeve4jvqo
nmWg1YJ9TJNW9VWcSNSRJ96tImJ19OY0ZLnwLOYz4Vats7It2f40ftU/HCbThvgQ
VzuFKc/+eiyj1JDGbU9jN8NkkpbV/bbdssXWH4i+gnZ80z6iM1WomwC03MUuEQJ2
eI1fkJlCVXiJsrFJ8f4LXdI9AX3ncgwDCnzI05JaaO5ivDc7c+lzvTqUOAEcym8N
kSGo8XjNmDDniz2h8QMfqZIGyZ1GAHQ9x9bAlpU4BkrYrvuEol+LKx73ct/VJJKL
MS4yShAyocx+YcKWCd/uCtdbGxqDfDB7cFCUt7RTk/8YVa2f84AFelTbUphudwBt
8Q/q+6QMVbhZG68ghXhsOlFzPHW0cT7U0wP5aOVwvzl/yVU+O7I=
=zxw+
-----END PGP SIGNATURE-----
Reply to: