[Secure-testing-commits] r34077 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue May 5 05:56:49 UTC 2015


Author: carnil
Date: 2015-05-05 05:56:48 +0000 (Tue, 05 May 2015)
New Revision: 34077

Modified:
   data/CVE/list
Log:
Add CVE-2015-3146/libssh

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-05 05:45:00 UTC (rev 34076)
+++ data/CVE/list	2015-05-05 05:56:48 UTC (rev 34077)
@@ -809,8 +809,10 @@
 CVE-2015-3147
 	RESERVED
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3146
+CVE-2015-3146 [null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets]
 	RESERVED
+	- libssh <unfixed>
+	NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
 CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ...)
 	- curl 7.42.0-1
 	[jessie] - curl 7.38.0-4+deb8u1




More information about the Secure-testing-commits mailing list