Summary: | net-misc/dropbear: DSS algorithm is always enabled regardless of the savedconfig | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | fariouche <fariouche> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | ceamac, embedded, njsg |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | B4 [upstream/ebuild] | ||
See Also: |
https://github.com/mkj/dropbear/issues/288 https://github.com/mkj/dropbear/issues/295 https://github.com/mkj/dropbear/pull/297 https://github.com/gentoo/gentoo/pull/36489 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
fariouche
2024-05-07 18:12:28 UTC
(In reply to fariouche from comment #0) > [...] > upstream don't want to fix that as their proposed solution is to just no > create a dss key file. Do you have a source/reference for this, just for completeness? There is also a related PR ( https://github.com/gentoo/gentoo/pull/36489 ), maybe instead of adding ed25519 we could move all of them in conf.d and disable dss by default. |