oss-sec mailing list archives
Re: CVE Request: dropbear sshd daemon 2013.59 release
From: Matt Johnston <matt () ucc asn au>
Date: Sat, 12 Oct 2013 09:22:26 +0800
On Thu, Oct 10, 2013 at 11:41:27PM -0600, Kurt Seifried wrote:
On 10/10/2013 07:27 AM, Marcus Meissner wrote:It also has this changes entry which might need one: - Avoid disclosing existence of valid users through inconsistent delays Thanks to Logan Lamb for reporting
This one seems to not be as exploitable or did I misread the follow up emails?
This one needs a CVE too, just the link was wrong. https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a is the correct patch. Cheers, Matt
Current thread:
- CVE Request: dropbear sshd daemon 2013.59 release Marcus Meissner (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Seth Arnold (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 15)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)