[Secure-testing-commits] r39309 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Fri Jan 29 21:01:23 UTC 2016
Author: anarcat
Date: 2016-01-29 21:01:23 +0000 (Fri, 29 Jan 2016)
New Revision: 39309
Modified:
data/CVE/list
Log:
Summary: can't reproduce cpio vuln, add details of openssh
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-29 20:09:48 UTC (rev 39308)
+++ data/CVE/list 2016-01-29 21:01:23 UTC (rev 39309)
@@ -598,6 +598,7 @@
RESERVED
- cpio <unfixed> (bug #812401)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
+ NOTE: can't reproduce in wheezy or squeeze? http://www.openwall.com/lists/oss-security/2016/01/29/11
CVE-2016-2050 [out of bound write in libdwarf -20151114]
RESERVED
- dwarfutils <unfixed>
@@ -1042,7 +1043,8 @@
NOTE: Background information on X11 SECURITY extension and SSH: https://thejh.net/written-stuff/openssh-6.8-xsecurity
NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
NOTE: Red Hat Bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=1298741
- TODO: check
+ NOTE: vulnerability is partly due to /etc/X11/Xsession.d/35x11-common_xhost-local introduced in x11-common in 1:7.6+9 (wheezy and up)
+ TODO: check if squeeze is vulnerable
CVE-2016-1907 (The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ...)
- openssh 1:7.1p2-1
[jessie] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
More information about the Secure-testing-commits
mailing list