1) CVE-2018-15599 Description: "Change handling of failed authentication to avoid disclosing valid usernames, CVE-2018-15599." Patch: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 2) Description: "Improvements to DSS and RSA public key validation, found by OSS-Fuzz. " Patches: miscellaneous 3) Description: "Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz" Patch: https://secure.ucc.asn.au/hg/dropbear/rev/dc7c9fdb3716 4) Description: "Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz" 5) (possible?) Possible issue: Description: "While login as root user, after prompt for password, user is being notified about login failure, but after second attempt of prompt for password within same session, login becomes successful." PR: https://github.com/mkj/dropbear/pull/78 Patch: https://secure.ucc.asn.au/hg/dropbear/rev/258b57b208ae --- Note that only vulnerability 1 has a CVE. All were fixed in 2019.77.
amd64 stable
s390 stable
sparc stable
ppc stable
ppc64 stable
x86 stable
arm stable
arm64 stable
SuperH port disbanded.
hppa stable
ia64 will pass. See https://archives.gentoo.org/gentoo-dev/message/edaadc85d7423810dd6ecfeda29cc85f
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e95328af49490a2ec8eb58b4a79e0dd154ce18e3 commit e95328af49490a2ec8eb58b4a79e0dd154ce18e3 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-01 19:18:53 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-01 19:19:06 +0000 net-misc/dropbear: security cleanup (bug #713102) Bug: https://bugs.gentoo.org/713102 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/dropbear/Manifest | 2 - net-misc/dropbear/dropbear-2017.75.ebuild | 98 ----------------------------- net-misc/dropbear/dropbear-2018.76.ebuild | 101 ------------------------------ 3 files changed, 201 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e4e67df6fbf421f137df51baa4d38725819cba commit 07e4e67df6fbf421f137df51baa4d38725819cba Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-01 19:18:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-01 19:19:05 +0000 net-misc/dropbear: ia64 & m68k marked stable (bug #713102) Bug: https://bugs.gentoo.org/713102 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/dropbear/dropbear-2019.78.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
GLSA Vote: No! Repository is clean, all done!