A weakness has been reported in Dropbear, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to Dropbear not warning users sufficiently if a hostkey changed, which makes it easier for attackers to e.g. conduct man-in-the-middle attacks. The weakness is reported in versions prior to 0.49. SOLUTION: Update to version 0.49.
0.49 is already in the tree
arches, please test and stable 0.49, thanks
x86 stable
Stable for HPPA.
ppc stable
amd64 stable
SPARC stable
alpha stable
all security supported arches marked stable ready for glsa voting
Stable on MIPS.
previous dropbear versions asked for confirmation if a hostkey changed, so this is only a security enhancement - imho not enough for a glsa: voting no
voting no too. Closing. Feel free to reopen if you disagree.
ia64 stable