Information on source package dropbear

Available versions

| Release | Version |
|---|---|
| jessie | 2014.65-1+deb8u3 |
| stretch | 2016.74-5+deb9u1 |
| buster | 2018.76-5+deb10u2 |
| bullseye | 2020.81-3+deb11u2 |
| bookworm | 2022.83-1+deb12u2 |
| trixie | 2024.86-1 |
| sid | 2024.86-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2021-36369 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ... |
| CVE-2019-12953 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36254 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ... |
| CVE-2016-7409 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | The dbclient and server in Dropbear SSH before 2016.74, when compiled ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2018-15599 | The recv_msg_userauth_request function in svr-auth.c in Dropbear throu ... |
| CVE-2017-9079 | Dropbear before 2017.75 might allow local users to read certain files ... |
| CVE-2017-9078 | The server in Dropbear before 2017.75 might allow post-authentication ... |
| CVE-2017-2659 | It was found that dropbear before version 2013.59 with GSSAPI leaks wh ... |
| CVE-2016-7408 | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ... |
| CVE-2016-7407 | The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ... |
| CVE-2016-7406 | Format string vulnerability in Dropbear SSH before 2016.74 allows remo ... |
| CVE-2016-3116 | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ... |
| CVE-2013-4434 | Dropbear SSH Server before 2013.59 generates error messages for a fail ... |
| CVE-2013-4421 | The buf_decompress function in packet.c in Dropbear SSH Server before ... |
| CVE-2012-0920 | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012. ... |
| CVE-2007-1099 | dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ... |
| CVE-2006-1206 | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedde ... |
| CVE-2006-0225 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ... |
| CVE-2005-4178 | Buffer overflow in Dropbear server before 0.47 allows authenticated us ... |
| CVE-2004-2486 | The DSS verification code in Dropbear SSH Server before 0.43 frees uni ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3187-1 | dropbear - security update |
| DLA-1476-1 | dropbear - security update |
| DLA-948-1 | dropbear - security update |
| DSA-3859-1 | dropbear - security update |
| DLA-634-1 | dropbear - security update |
| DSA-2456-1 | dropbear - use after free |
| DSA-923-1 | dropbear - buffer overflow |
