Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079

To: Guilhem Moulin <guilhem@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 21 May 2017 19:37:12 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1705211934450.1645@jupiter.server.alteholz.net>
In-reply-to: <[🔎] 20170520193702.h2w2e5rtfg4o34ee@localhost.localdomain>
References: <[🔎] 20170520193702.h2w2e5rtfg4o34ee@localhost.localdomain>

Hi Guilhem,

On Sat, 20 May 2017, Guilhem Moulin wrote:

I did check that public key authentication is still working under
2012.55-1.3+deb7u2 (I didn't make any other check though).

thanks a lot for that fix, I just uploaded your new version towheezy-security. Later I will also send the DLA ...

Note that 2017.75 fixes another security vulnerability, namely
CVE-2017-9078, but I believe that 2012.55 is not affected by the double
free.  Not sure how to tell the security tracker, though.


Ok, I marked that CVE as not-affected for Wheezy.

Thanks for your work on Debian LTS!


Many thanks to you for the patch.

  Thorsten

Reply to:

References:
- dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079
  - From: Guilhem Moulin <guilhem@debian.org>

Prev by Date: Re: Wheezy update of dropbear?
Next by Date: Re: Wheezy update of dropbear?
Previous by thread: Re: dropbear 2012.55-1.3+deb7u2 to fix CVE-2017-9079
Next by thread: Wheezy update of graphicsmagick?
Index(es):
- Date
- Thread