Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
*** Bug 619198 has been marked as a duplicate of this bug. ***
@ Maintainer(s): Please bump to >=net-misc/dropbear-2017.75!
The bug has been referenced in the following commit(s):
Author: Mike Frysinger <email@example.com>
AuthorDate: 2018-01-12 05:30:41 +0000
Commit: Mike Frysinger <firstname.lastname@example.org>
CommitDate: 2018-01-12 05:30:41 +0000
net-misc/dropbear: version bump to 2017.75 #619002
net-misc/dropbear/Manifest | 1 +
net-misc/dropbear/dropbear-2017.75.ebuild | 98 +++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+)
@maintainer(s), please call for stable when ready.
@arches, please stabilize.
Author: Rolf Eike Beer <email@example.com>
Date: Mon Mar 26 18:37:53 2018 +0200
net-misc/dropbear: stable 2017.75 for sparc, bug #619002
Stable on alpha.
add missing arches...
GLSA vote: no.