Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599

To: Holger Levsen <holger@layer-acht.org>
Cc: debian-lts@lists.debian.org
Subject: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
From: Guilhem Moulin <guilhem@debian.org>
Date: Fri, 24 Aug 2018 15:21:49 +0200
Message-id: <[🔎] 20180824132149.GA6841@localhost.localdomain>
Mail-followup-to: Guilhem Moulin <guilhem@debian.org>, Holger Levsen <holger@layer-acht.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20180824090643.wusxehionqfcdtqs@layer-acht.org>
References: <[🔎] 20180824011509.GA14432@localhost.localdomain> <[🔎] 20180824082250.beubnyhooquwtiik@layer-acht.org> <[🔎] 20180824090643.wusxehionqfcdtqs@layer-acht.org>

Hi Holger,

On Fri, 24 Aug 2018 at 09:06:43 +0000, Holger Levsen wrote:
> On Fri, Aug 24, 2018 at 08:22:50AM +0000, Holger Levsen wrote:
>>> dropbear 2014.65-1+deb8u2 from jessie-security is vulnerable to
>>> CVE-2018-15599:
>>>   dget -x https://people.debian.org/~guilhem/tmp/dropbear_2014.65-1+deb8u3.dsc
>> nice. I'll sponsor your upload shortly and will then also send a DLA.
> 
> I cannot see CVE-2018-15599 fixed in sid, so I will hold back uploading
> to jessie-security until this is the case.
> 
> According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906890#31
> (written by you :) the issue is fixed upstream, so I expect you'll
> upload it shortly?

Oops yes, sorry for that.  Just uploaded 2018.76-4 with the fix :-)

-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Guilhem Moulin <guilhem@debian.org>
- Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Holger Levsen <holger@layer-acht.org>
- Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: (E)LTS report for July
Next by Date: Re: Jessie security update of libextractor?
Previous by thread: Re: dropbear 2014.65-1+deb8u3 to fix CVE-2018-15599
Next by thread: (E)LTS report for July
Index(es):
- Date
- Thread