On 2008-06-02 05:30:11 +0000, Matthew Hall wrote:
> Package: dropbear
> Version: 0.51-1
> Severity: normal
> Tags: security
>
> The dropbear server should include support for disallowing the usage of
> blacklisted SSH keys generated on systems which were vulnerable to
> DSA-1576-1 [1].
[...]
IMHO, this bug is obsolete and should be closed.
In 2012 (almost 7 years ago!), from the openssh changelog:
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests. It's
been long enough since the relevant vulnerability that we shouldn't
need these installed by default nowadays.
FYI, due to this bug with the security tag, I get a complaint when
I want to upgrade dropbear-run, as it has been renamed to dropbear
and this old bug matches. This is annoying.
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
