[3.5] dropbear: User enumeration vulnerability (CVE-2018-15599)
The recv_msg_userauth_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
(from redmine: issue id 9351, created on 2018-08-28, closed on 2018-11-08)
main/dropbear: security fix (CVE-2018-15599) Fixes #9351