Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079
On Sat, 20 May 2017, Guilhem Moulin wrote:
I did check that public key authentication is still working under
2012.55-1.3+deb7u2 (I didn't make any other check though).
thanks a lot for that fix, I just uploaded your new version to
wheezy-security. Later I will also send the DLA ...
Note that 2017.75 fixes another security vulnerability, namely
CVE-2017-9078, but I believe that 2012.55 is not affected by the double
free. Not sure how to tell the security tracker, though.
Ok, I marked that CVE as not-affected for Wheezy.
Thanks for your work on Debian LTS!
Many thanks to you for the patch.