Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-03-05 Thread Steve Langasek
On Sun, Mar 04, 2007 at 04:22:53PM +, Gerrit Pape wrote: On Sun, Mar 04, 2007 at 01:27:04AM -0800, Steve Langasek wrote: On Sun, Mar 04, 2007 at 08:55:21AM +, Gerrit Pape wrote: I would like to see this fixed in etch (and sarge), and now realize that uploading the new upstream

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-03-04 Thread Gerrit Pape
On Sat, Mar 03, 2007 at 08:46:28PM -0800, Steve Langasek wrote: The description of this bug in the upstream changelog is: - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly. It will now exit upon a mismatch. Why should it didn't

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-03-04 Thread Steve Langasek
On Sun, Mar 04, 2007 at 08:55:21AM +, Gerrit Pape wrote: On Sat, Mar 03, 2007 at 08:46:28PM -0800, Steve Langasek wrote: The description of this bug in the upstream changelog is: - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly.

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-03-04 Thread Gerrit Pape
On Sun, Mar 04, 2007 at 01:27:04AM -0800, Steve Langasek wrote: On Sun, Mar 04, 2007 at 08:55:21AM +, Gerrit Pape wrote: I would like to see this fixed in etch (and sarge), and now realize that uploading the new upstream version wasn't the right thing. Do you agree with an upload of

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-03-03 Thread Steve Langasek
The description of this bug in the upstream changelog is: - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly. It will now exit upon a mismatch. Why should "it didn't warn loudly" be a grave security bug? Isn't any sort of prompt already a

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-02-28 Thread Stefan Fritsch
Package: dropbear Severity: grave Tags: security Justification: user security hole From CVE-2007-1099: dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. This
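Added example, not dropbear's code and not part of this bug report: a model of the host-key check the CVE is about. It parses OpenSSH-style known_hosts lines (the host names and key bytes below are constructed, not real keys), classifies the key a server presents as a match, an unknown host, or a mismatch, and puts the two policies side by side: the pre-0.49 behaviour the changelog describes, where a changed key only raises a yes/no confirm prompt, and the 0.49 behaviour, where a changed key aborts the connection and only a never-seen host gets the trust-on-first-use prompt. The point it makes concrete is why a prompt is not a sufficient warning: a user who habitually answers "y" to the same-looking prompt connects straight through to a man-in-the-middle.

```python
"""Host-key verification policy modelled on the CVE-2007-1099 fix (added example)."""
import base64
import hashlib
import hmac
import struct

MATCH, UNKNOWN, MISMATCH = "match", "unknown", "mismatch"


def make_blob(keytype: str, *fields: bytes) -> bytes:
    """SSH wire-format public key: uint32-length-prefixed keytype, then fields."""
    out = struct.pack(">I", len(keytype)) + keytype.encode("ascii")
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return out


def blob_keytype(blob: bytes):
    """Key type encoded inside the blob, or None if the blob is malformed."""
    if len(blob) < 4:
        return None
    n = struct.unpack(">I", blob[:4])[0]
    if len(blob) < 4 + n:
        return None
    return blob[4:4 + n].decode("ascii", "replace")


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> blob from OpenSSH-format known_hosts lines.

    Comments, @-marker lines and malformed entries are skipped; skipping never
    makes a key trusted, so it is the conservative failure mode for a parser.
    """
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        hosts, keytype, b64 = parts[0], parts[1], parts[2]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if blob_keytype(blob) != keytype:  # type column and blob disagree: ignore
            continue
        for host in hosts.split(","):
            table[(host, keytype)] = blob
    return table


def classify(known: dict, host: str, presented: bytes) -> str:
    """Distinguish 'never seen this host' from 'this host's key has changed'."""
    stored = known.get((host, blob_keytype(presented)))
    if stored is None:
        return UNKNOWN
    return MATCH if hmac.compare_digest(stored, presented) else MISMATCH


def vulnerable_policy(verdict: str, ask_user) -> bool:
    """Pre-0.49 dbclient as the changelog describes it: any non-match, including
    a changed key, is only a yes/no prompt."""
    return verdict == MATCH or ask_user(verdict)


def fixed_policy(verdict: str, ask_user) -> bool:
    """0.49 behaviour: a changed key aborts unconditionally; only a host never
    seen before gets the trust-on-first-use prompt."""
    if verdict == MATCH:
        return True
    if verdict == MISMATCH:
        return False
    return ask_user(verdict)


# Constructed sample data (not real keys): the genuine host key the user once
# accepted, and a different key an attacker in the path would present.
GENUINE = make_blob("ssh-ed25519", bytes(range(32)))
ATTACKER = make_blob("ssh-ed25519", bytes(range(32, 64)))
KNOWN_HOSTS = ("# constructed known_hosts\n"
               "bastion.example,10.0.0.5 ssh-ed25519 "
               + base64.b64encode(GENUINE).decode() + "\n")


def connect(host: str, presented: bytes, policy) -> bool:
    """True when the client would proceed with the connection under `policy`."""
    verdict = classify(parse_known_hosts(KNOWN_HOSTS), host, presented)
    always_yes = lambda _verdict: True  # a user who habitually answers 'y'
    return policy(verdict, always_yes)


if __name__ == "__main__":
    for name, policy in (("pre-0.49", vulnerable_policy), ("0.49", fixed_policy)):
        outcome = "connects" if connect("bastion.example", ATTACKER, policy) else "aborts"
        print(f"{name}: changed key {fingerprint(ATTACKER)} -> {outcome}")
```

The separation of UNKNOWN from MISMATCH is the whole fix: both cases reach a prompt in the vulnerable policy, so the prompt carries no signal, whereas the fixed policy reserves the prompt for the only case where the user has something to decide.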

Bug#412899: CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch

2007-02-28 Thread Gerrit Pape
On Wed, Feb 28, 2007 at 08:59:47PM +0100, Stefan Fritsch wrote: From CVE-2007-1099: dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. This is fixed in