oss-sec mailing list archives
Re: CVE Request: dropbear sshd daemon 2013.59 release
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 15 Oct 2013 23:52:51 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/2013 07:22 PM, Matt Johnston wrote:
On Thu, Oct 10, 2013 at 11:41:27PM -0600, Kurt Seifried wrote:On 10/10/2013 07:27 AM, Marcus Meissner wrote:It also has this changes entry which might need one: - Avoid disclosing existence of valid users through inconsistent delays Thanks to Logan Lamb for reportingThis one seems to not be as exploitable or did I misread the follow up emails?This one needs a CVE too, just the link was wrong. https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a is the correct patch.
Please use CVE-2013-4434 for this issue.
Cheers, Matt
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSXimyAAoJEBYNRVNeJnmT5AUP/28rFBFJVCSfX3UQs614CPrG Op5zNzh6xJ1FY4GZW0uYtUE3Xu4Q/w6p5IzqiFpfkXpSuJPyFbiZ5sOuq4fS9zqE vGgxiBavCr82tjWnN7cYsBm5g92vUvzjmtUETjHgwlpqKw9N1OYoedpkfzDQGppb RQYlO0i3rOjs+xE9f1NQwBZquT1dijRYmq7P2bXHknQi0HUkJI4Xp77SEput9wZw IzSGzWnPpnDQzImMgKPpR06HBsZHmfjl7vW+WDJDwCTmdkMjO5/oba38stMgvKyA VdIggsHNzViyr9OFpt2Dtp5UKH/QwSmzM5drqej67LB7YX5ZIezp3RvfNoIRj6I8 6WCTZ9Ang6ewTjYkgdr8v7ihTeQV7mqg8V35+dR2CMMpPBIThGC9NMFe9i6m1t1A Z6Nwslxd5eGBWUZaDuOffz9W1dVwJc0gY7YjJSUToyDsJsrgps/TbnSKDaQcaKzO Lg5ofB47uvZ1zNrQO1SlLtQyiHL7Sm2R9VFwd3J71YsqDKf9NHcBIyP3TO7I+10y B77ofy2+z2woezJU6OOJgUHMPzBMzosvGZoLkHmTDkIrO4QcQ9wn/kExO03kpN0f GcJqWwH0BOPea4Cr8rpW+bQwoUXLevjZd0q5CI1jixKTlTaFsogGtS4gghlCEcZe VO7uPmww+ZmeqVyxsEjp =mAl1 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: dropbear sshd daemon 2013.59 release Marcus Meissner (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Seth Arnold (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 15)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)