[Secure-testing-commits] r47503 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Dec 27 18:35:08 UTC 2016


Author: carnil
Date: 2016-12-27 18:35:08 +0000 (Tue, 27 Dec 2016)
New Revision: 47503

Modified:
   data/CVE/list
Log:
CVE-2016-100{09,10,11,12}/openssh fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-27 18:26:37 UTC (rev 47502)
+++ data/CVE/list	2016-12-27 18:35:08 UTC (rev 47503)
@@ -492,7 +492,7 @@
 	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
 CVE-2016-10012 [sshd(8): shared memory manager bounds checks that could be elided by some optimising compilers potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process]
 	RESERVED
-	- openssh <unfixed> (low; bug #848717)
+	- openssh 1:7.4p1-1 (low; bug #848717)
 	[jessie] - openssh <no-dsa> (Minor issue)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
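Review bot: The CVE-2016-10012 entry, in the lines visible in this hunk, supports the new `1:7.4p1-1` version only with the 7.4 release-notes link in its trailing NOTE. The CVE-2016-10011 and CVE-2016-10010 entries in this file each carry a NOTE with the upstream cvsweb diff. If the lines following this hunk do not already have one, add the equivalent NOTE here, so that anyone revisiting the `<no-dsa>` decision for jessie and wheezy can find the exact change to the shared memory manager bounds checks.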
@@ -501,20 +501,20 @@
 	TODO: check affected versions
 CVE-2016-10011 [sshd(8): theoretical leak of host private key material to privilege-separated child processes via realloc()]
 	RESERVED
-	- openssh <unfixed> (low; bug #848716)
+	- openssh 1:7.4p1-1 (low; bug #848716)
 	[jessie] - openssh <no-dsa> (Minor issue)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
 	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
 CVE-2016-10010 [sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root']
 	RESERVED
-	- openssh <unfixed> (unimportant; bug #848715)
+	- openssh 1:7.4p1-1 (unimportant; bug #848715)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
 	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
 	NOTE: Privilege separation is enabled in the Debian package
 CVE-2016-10009 [ssh-agent(1): load PKCS#11 modules from paths outside a trusted whitelist]
 	RESERVED
-	- openssh <unfixed> (low; bug #848714)
+	- openssh 1:7.4p1-1 (low; bug #848714)
 	[jessie] - openssh <no-dsa> (Minor issue)
 	[wheezy] - openssh <no-dsa> (Minor issue)
 	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
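Review bot: The first context line of this hunk, `TODO: check affected versions`, stays in place on the entry above CVE-2016-10011 while this commit records a fixed version for every openssh line it touches. Either resolve the TODO in the same change or reword it to name the releases that are still unchecked, so the tracker does not show a fixed-in-unstable entry with an unqualified open question.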



