[Secure-testing-commits] r40041 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Feb 29 05:23:21 UTC 2016
Author: carnil
Date: 2016-02-29 05:23:20 +0000 (Mon, 29 Feb 2016)
New Revision: 40041
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2016-0787, libssh2, #815662
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-29 05:23:04 UTC (rev 40040)
+++ data/CVE/list 2016-02-29 05:23:20 UTC (rev 40041)
@@ -5657,7 +5657,7 @@
CVE-2016-0787 [Weak Diffie-Hellman secret generation in libssh2 before 1.7.0]
RESERVED
{DSA-3487-1 DLA-426-1}
- - libssh2 <unfixed> (bug #815662)
+ - libssh2 1.5.0-2.1 (bug #815662)
NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
CVE-2016-0786
More information about the Secure-testing-commits
mailing list