[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079

Hi Guilhem,

On Sat, 20 May 2017, Guilhem Moulin wrote:
I did check that public key authentication is still working under
2012.55-1.3+deb7u2 (I didn't make any other check though).

thanks a lot for that fix, I just uploaded your new version to wheezy-security. Later I will also send the DLA ...

Note that 2017.75 fixes another security vulnerability, namely
CVE-2017-9078, but I believe that 2012.55 is not affected by the double
free.  Not sure how to tell the security tracker, though.

Ok, I marked that CVE as not-affected for Wheezy.

Thanks for your work on Debian LTS!

Many thanks to you for the patch.


Reply to: