FTR, Vincent Lefevre wrote: > On 2008-06-02 05:30:11 +0000, Matthew Hall wrote: > > Package: dropbear > > Version: 0.51-1 > > Severity: normal > > Tags: security > > > > The dropbear server should include support for disallowing the usage of > > blacklisted SSH keys generated on systems which were vulnerable to > > DSA-1576-1 [1]. > [...] > > IMHO, this bug is obsolete and should be closed. > > In 2012 (almost 7 years ago!), from the openssh changelog: > > - Drop openssh-blacklist and openssh-blacklist-extra to Suggests. It's > been long enough since the relevant vulnerability that we shouldn't > need these installed by default nowadays.
Note that openssh blacklist package are kinda-sorta replaced by the KRL: https://manpages.debian.org/buster/openssh-server/sshd_config.5.en.html#RevokedKeys AFAIK dropbear (and GNU SSH and tinysshd) have no equivalent, but I didn't look very hard.
