Author: carnil
Date: 2016-01-15 18:44:01 +0000 (Fri, 15 Jan 2016)
New Revision: 38953
Modified:
data/CVE/list
Log:
CVE-2016-1908/openssh assigned, expand comments, add TODO item
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-15 17:12:11 UTC (rev 38952)
+++ data/CVE/list 2016-01-15 18:44:01 UTC (rev 38953)
@@ -388,11 +388,14 @@
RESERVED
CVE-2016-1716
RESERVED
-CVE-2016-XXXX [Eliminate the fallback from untrusted X11-forwarding to trusted
forwarding for cases when the X server disables the SECURITY extension]
+CVE-2016-1908 [Eliminate the fallback from untrusted X11-forwarding to trusted
forwarding for cases when the X server disables the SECURITY extension]
- openssh <unfixed>
- NOTE:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
+ NOTE: Upstream commit:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
+ NOTE: which needs to be applied after:
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
NOTE: Background information on X11 SECURITY extension and SSH:
https://thejh.net/written-stuff/openssh-6.8-xsecurity
NOTE:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
+ NOTE: Red Hat Bugzilla entry:
https://bugzilla.redhat.com/show_bug.cgi?id=1298741
+ TODO: check
CVE-2016-1907 [Fix an out of-bound read access in the packet handling code]
- openssh 1:7.1p2-1
[squeeze] - openssh <not-affected> (Issue introduced in OpenSSH 6.8)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
