Date: Tue, 15 Oct 2013 23:52:51 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: dropbear sshd daemon 2013.59 release


On 10/11/2013 07:22 PM, Matt Johnston wrote:
> On Thu, Oct 10, 2013 at 11:41:27PM -0600, Kurt Seifried wrote:
>> On 10/10/2013 07:27 AM, Marcus Meissner wrote:
>>> It also has this changes entry which might need one: - Avoid
>>> disclosing existence of valid users through inconsistent delays 
>>> Thanks to Logan Lamb for reporting
> 
>> This one seems to not be as exploitable or did I misread the follow up
>> emails?
> 
> This one needs a CVE too, just the link was wrong.
> https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a is
> the correct patch.

Please use CVE-2013-4434 for this issue.

> Cheers,
> Matt
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
