[Secure-testing-commits] r4790 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Oct 1 10:21:08 UTC 2006


Author: jmm-guest
Date: 2006-10-01 10:21:06 +0000 (Sun, 01 Oct 2006)
New Revision: 4790

Modified:
   data/CVE/list
Log:
my analysis of the latest openssh issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-01 09:14:24 UTC (rev 4789)
+++ data/CVE/list	2006-10-01 10:21:06 UTC (rev 4790)
@@ -41,7 +41,10 @@
 CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
 	TODO: check
 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
-	TODO: check
+	- openssh <unfixed> (unimportant)
+	- openssh-krb5 <unfixed> (high)
+	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
+	NOTE: However, we'll fix openssh as well just to make sure
 CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
 	TODO: check
 CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
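Review bot: In the CVE-2006-5051 entry, `- openssh <unfixed> (unimportant)` reads inconsistently next to the second NOTE, which says openssh will be fixed as well "just to make sure". The first NOTE should record what the conclusion rests on (why only the build with Kerberos support is considered vulnerable) so the urgency can be re-checked later. Neither added package line carries a bug reference, and CVE-2006-5052 directly above is still `TODO: check` although the log message describes this commit as an analysis of the latest openssh issues.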
@@ -296,10 +299,15 @@
 	TODO: check
 CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
 	TODO: check
-CVE-2006-4925
+CVE-2006-4925 [openssh GSSAPI information leak)
 	RESERVED
+	- openssh <unfixed> (low)
+	- openssh-krb5 <unfixed> (low)
+	[sarge] - openssh <not-affected>
+	[sarge] - openssh-krb5 <not-affected>
 CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
 	- openssh <unfixed> (low; bug #389995)
+	- openssh-krb5 <unfixed> (low)
 CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
 	NOT-FOR-US: eSyndiCat Portal System
 CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
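Review bot: The new header line `CVE-2006-4925 [openssh GSSAPI information leak)` opens with `[` but closes with `)`. It should end with `]` so the description is delimited consistently, as the `(...)` descriptions on the neighbouring entries are. The added openssh-krb5 lines for CVE-2006-4925 and CVE-2006-4924 also have no bug reference, unlike the existing `- openssh <unfixed> (low; bug #389995)`, and CVE-2006-4924 gets no `[sarge]` line while CVE-2006-4925 gets one for each package; if sarge is affected by one and not the other, a NOTE saying so would help.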



