[Secure-testing-commits] r40471 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Mar 19 21:46:46 UTC 2016


Author: jmm
Date: 2016-03-19 21:46:46 +0000 (Sat, 19 Mar 2016)
New Revision: 40471

Modified:
   data/CVE/list
Log:
coreutils, putty no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-19 21:27:58 UTC (rev 40470)
+++ data/CVE/list	2016-03-19 21:46:46 UTC (rev 40471)
@@ -2446,6 +2446,9 @@
 CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl]
 	RESERVED
 	- coreutils <unfixed> (bug #816320)
+	[jessie] - coreutils <no-dsa> (Minor issue)
+	[wheezy] - coreutils <no-dsa> (Minor issue)
+	NOTE: Restricting ioctl on the kernel side seems the better approach
 CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl]
 	RESERVED
 	- util-linux <unfixed> (bug #815922)
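Review bot: the NOTE added under CVE-2016-2781 ("Restricting ioctl on the kernel side seems the better approach") carries no pointer to a bug, list thread or patch where that approach is discussed, so a later reader cannot tell what it refers to or whether it happened; add a reference alongside it. The CVE-2016-2779 entry in the trailing context describes the same TIOCSTI ioctl class for util-linux and has no per-release triage lines, so check whether it should get the same no-dsa tagging and note for consistency.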
@@ -2475,6 +2478,8 @@
 CVE-2016-2563 [old-style scp downloads may allow remote code execution]
 	RESERVED
 	- putty 0.67-1 (bug #816921)
+	[wheezy] - putty <no-dsa> (Minor issue)
+	[jessie] - putty <no-dsa> (Minor issue)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
 	NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
 	NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
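Review bot: the "(Minor issue)" reason on the two added putty lines sits under a description that reads "may allow remote code execution" and above a NOTE linking a public PoC, with nothing in the entry explaining why it is rated minor; a short NOTE giving the reasoning would make the no-dsa decision reviewable. As a style point, the suites here are ordered wheezy then jessie, while the coreutils lines added in the previous hunk are jessie then wheezy; use one order in both places.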



