Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0831b080 by Salvatore Bonaccorso at 2019-01-11T15:48:00Z Add CVE-2019-6111, CVE-2019-6110 and CVE-2019-6109 Those correspond to the #2, #3 and #4 issues in https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt and affecting src:openssh but not fixed as per now upstream. Only #1 was adressed and is tracked in CVE-2018-20685. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -56,12 +56,18 @@ CVE-2019-6113 RESERVED CVE-2019-6112 RESERVED -CVE-2019-6111 +CVE-2019-6111 [scp client missing received object name validation] RESERVED -CVE-2019-6110 + - openssh <unfixed> + NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt +CVE-2019-6110 [scp client spoofing via stderr] RESERVED -CVE-2019-6109 + - openssh <unfixed> + NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt +CVE-2019-6109 [scp client spoofing via object name] RESERVED + - openssh <unfixed> + NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt CVE-2018-20698 RESERVED CVE-2018-20697 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0831b0803bf49c9374144632c9226b54b065676c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0831b0803bf49c9374144632c9226b54b065676c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
