Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599

To: Guilhem Moulin <guilhem@debian.org>, debian-lts@lists.debian.org
Subject: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
From: Holger Levsen <holger@layer-acht.org>
Date: Fri, 24 Aug 2018 09:06:43 +0000
Message-id: <[🔎] 20180824090643.wusxehionqfcdtqs@layer-acht.org>
In-reply-to: <[🔎] 20180824082250.beubnyhooquwtiik@layer-acht.org>
References: <[🔎] 20180824011509.GA14432@localhost.localdomain> <[🔎] 20180824082250.beubnyhooquwtiik@layer-acht.org>

Hi Guilhem,

On Fri, Aug 24, 2018 at 08:22:50AM +0000, Holger Levsen wrote:
> > dropbear 2014.65-1+deb8u2 from jessie-security is vulnerable to
> > CVE-2018-15599:
> >     dget -x https://people.debian.org/~guilhem/tmp/dropbear_2014.65-1+deb8u3.dsc
> nice. I'll sponsor your upload shortly and will then also send a DLA.

I cannot see CVE-2018-15599 fixed in sid, so I will hold back uploading
to jessie-security until this is the case.

According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906890#31
(written by you :) the issue is fixed upstream, so I expect you'll
upload it shortly?

-- 
cheers,
	Holger

-------------------------------------------------------------------------------
                    holger@(debian|reproducible-builds).org

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Guilhem Moulin <guilhem@debian.org>

References:
- dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Guilhem Moulin <guilhem@debian.org>
- Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
Next by Date: (E)LTS report for July
Previous by thread: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
Next by thread: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
Index(es):
- Date
- Thread