[Secure-testing-commits] r58795 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 21 13:00:57 UTC 2017
Author: carnil
Date: 2017-12-21 13:00:57 +0000 (Thu, 21 Dec 2017)
New Revision: 58795
Modified:
data/CVE/list
Log:
Update details for CVE-2017-16927/xrdp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 12:53:21 UTC (rev 58794)
+++ data/CVE/list 2017-12-21 13:00:57 UTC (rev 58795)
@@ -9352,11 +9352,13 @@
RESERVED
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
{DLA-1203-1}
- - xrdp 0.9.4-2 (bug #882463)
+ - xrdp 0.9.4-3 (bug #882463)
[stretch] - xrdp <no-dsa> (Minor issue)
[jessie] - xrdp <no-dsa> (Minor issue)
NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
+ NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression
+ NOTE: thus marking it only as fixed in the followup version, cf. #884702
CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted ...)
- ohcount <unfixed> (bug #882372)
[stretch] - ohcount <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list