[Secure-testing-commits] r40471 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Mar 19 21:46:46 UTC 2016
Author: jmm
Date: 2016-03-19 21:46:46 +0000 (Sat, 19 Mar 2016)
New Revision: 40471
Modified:
data/CVE/list
Log:
coreutils, putty no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-19 21:27:58 UTC (rev 40470)
+++ data/CVE/list 2016-03-19 21:46:46 UTC (rev 40471)
@@ -2446,6 +2446,9 @@
CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl]
RESERVED
- coreutils <unfixed> (bug #816320)
+ [jessie] - coreutils <no-dsa> (Minor issue)
+ [wheezy] - coreutils <no-dsa> (Minor issue)
+ NOTE: Restricting ioctl on the kernel side seems the better approach
CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl]
RESERVED
- util-linux <unfixed> (bug #815922)
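Review bot: The added NOTE under CVE-2016-2781 ("Restricting ioctl on the kernel side seems the better approach") carries no reference, so a later reader cannot tell which kernel-side discussion or patch it means; add a NOTE line linking to the relevant thread or bug. The following entry, CVE-2016-2779, is also described as a TIOCSTI issue but is left with only its `<unfixed>` line. If the same reasoning applies there, record it on that entry too so the two are triaged consistently.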
@@ -2475,6 +2478,8 @@
CVE-2016-2563 [old-style scp downloads may allow remote code execution]
RESERVED
- putty 0.67-1 (bug #816921)
+ [wheezy] - putty <no-dsa> (Minor issue)
+ [jessie] - putty <no-dsa> (Minor issue)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
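Review bot: The two added lines under CVE-2016-2563 list [wheezy] before [jessie], while the coreutils entry in the previous hunk lists [jessie] first; pick one order for the release tags. Separately, "Minor issue" is a thin justification on an entry whose description reads "old-style scp downloads may allow remote code execution". Stating the specific reason in the parentheses would make the no-dsa decision easier to audit.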