It was reported [1] that versions of dropbear prior to 2013.59 suffered from a flaw where it would disclose the existence of valid users due to inconsistent delays on authentication failures. This has been fixed in git [2]. A CVE assignment is pending [3]. [1] https://matt.ucc.asn.au/dropbear/CHANGES [2] https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a [3] http://www.openwall.com/lists/oss-security/2013/10/10/15
Created dropbear tracking bugs for this issue: Affects: fedora-all [bug 1017985] Affects: epel-all [bug 1017986]
Can I close it now?
Closing, thank you!