[Secure-testing-commits] r11930 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue May 19 17:10:27 UTC 2009


Author: gilbert-guest
Date: 2009-05-19 17:10:27 +0000 (Tue, 19 May 2009)
New Revision: 11930

Modified:
   data/CVE/list
Log:
need to reassess severity of openssh issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-19 16:23:40 UTC (rev 11929)
+++ data/CVE/list	2009-05-19 17:10:27 UTC (rev 11930)
@@ -7865,6 +7865,9 @@
 	- openssh <unfixed> (low; bug #506115)
 	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
 	[lenny] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
+	NOTE: I don't see this as being minor (a 1 in 262,144 chance of recovering 32 plaintext bits is rather good)
+	NOTE: See http://www.theregister.co.uk/2009/05/19/open_ssh_hack/
+	TODO: reassess severity
 CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...)
 	{DTSA-179-1}
 	- geshi 1.0.8.1-1 (medium)
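Review bot: The new NOTE disputes the rating, but the three openssh lines directly above it still read "(low; bug #506115)" and "<no-dsa> (Minor issue, ...)" for etch and lenny, so the entry contradicts itself until the TODO is resolved. The NOTE should say which of those is being questioned (the urgency, the no-dsa decisions, or both), so whoever picks up "TODO: reassess severity" knows what to revisit. The NOTE is also written in the first person in a shared file with no name attached; rephrase it impersonally or sign it. Finally, the figure 1 in 262,144 (that is, 2^18) carries no source, and the only reference added is a news article; stating where the figure comes from, ideally a primary source such as the advisory already linked in the lines above, would let a reader verify it.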



