[Secure-testing-commits] r58795 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 21 13:00:57 UTC 2017


Author: carnil
Date: 2017-12-21 13:00:57 +0000 (Thu, 21 Dec 2017)
New Revision: 58795

Modified:
   data/CVE/list
Log:
Update details for CVE-2017-16927/xrdp

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-21 12:53:21 UTC (rev 58794)
+++ data/CVE/list	2017-12-21 13:00:57 UTC (rev 58795)
@@ -9352,11 +9352,13 @@
 	RESERVED
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
 	{DLA-1203-1}
-	- xrdp 0.9.4-2 (bug #882463)
+	- xrdp 0.9.4-3 (bug #882463)
 	[stretch] - xrdp <no-dsa> (Minor issue)
 	[jessie] - xrdp <no-dsa> (Minor issue)
 	NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
 	NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
+	NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression
+	NOTE: thus marking it only as fixed in the followup version, cf. #884702
 CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted ...)
 	- ohcount <unfixed> (bug #882372)
 	[stretch] - ohcount <no-dsa> (Minor issue)
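Review bot: In the two NOTE lines added at the end of the CVE-2017-16927 entry, the regression is referenced only as "cf. #884702", while the fixed-version line in the same entry writes "(bug #882463)" and the neighbouring NOTE lines give full URLs. Writing "cf. bug #884702" or a full URL would make it unambiguous which tracker the number refers to. Naming the upstream patch that went into 0.9.4-2 would also help, since the entry only links a proposed pull request and a reader cannot tell from these lines whether 0.9.4-3 carries a different fix or the same one reworked.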



