[Secure-testing-commits] r26326 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Mar 28 22:22:12 UTC 2014
Author: carnil
Date: 2014-03-28 22:22:12 +0000 (Fri, 28 Mar 2014)
New Revision: 26326
Modified:
data/CVE/list
Log:
Two openssh issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-28 20:48:02 UTC (rev 26325)
+++ data/CVE/list 2014-03-28 22:22:12 UTC (rev 26326)
@@ -9,7 +9,7 @@
- postfixadmin 2.3.5-3
NOTE: http://sourceforge.net/p/postfixadmin/code/1650
CVE-2014-2653 [if the server offers a certificate, the client doesn't check the DNS for SSHFP records]
- - openssh <unfixed> (low; bug #742513)
+ - openssh 1:6.6p1-1 (low; bug #742513)
CVE-2014-2652
RESERVED
CVE-2014-2651
@@ -333,7 +333,7 @@
[wheezy] - xen <not-affected> (Only exploitable with Linux >= 3.12)
[squeeze] - xen <not-affected> (Only exploitable with Linux >= 3.12)
CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on ...)
- - openssh <unfixed>
+ - openssh 1:6.6p1-1
NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_*
NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
CVE-2014-2581 [credentials cache leak]
More information about the Secure-testing-commits
mailing list