[Secure-testing-commits] r34129 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri May 8 16:33:59 UTC 2015


Author: carnil
Date: 2015-05-08 16:33:59 +0000 (Fri, 08 May 2015)
New Revision: 34129

Modified:
   data/CVE/list
Log:
Mark one libssh issue as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-08 09:10:17 UTC (rev 34128)
+++ data/CVE/list	2015-05-08 16:33:59 UTC (rev 34129)
@@ -1231,6 +1231,8 @@
 CVE-2015-3146 [null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets]
 	RESERVED
 	- libssh <unfixed> (bug #784404)
+	[jessie] - libssh <no-dsa> (Minor issue)
+	[wheezy] - libssh <no-dsa> (Minor issue)
 	[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
 	NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
 CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ...)




More information about the Secure-testing-commits mailing list