[Secure-testing-commits] r34129 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri May 8 16:33:59 UTC 2015
Author: carnil
Date: 2015-05-08 16:33:59 +0000 (Fri, 08 May 2015)
New Revision: 34129
Modified:
data/CVE/list
Log:
Mark one libssh issue as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-08 09:10:17 UTC (rev 34128)
+++ data/CVE/list 2015-05-08 16:33:59 UTC (rev 34129)
@@ -1231,6 +1231,8 @@
CVE-2015-3146 [null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets]
RESERVED
- libssh <unfixed> (bug #784404)
+ [jessie] - libssh <no-dsa> (Minor issue)
+ [wheezy] - libssh <no-dsa> (Minor issue)
[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ...)
More information about the Secure-testing-commits
mailing list