[Secure-testing-commits] r50158 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Mar 29 05:41:46 UTC 2017


Author: carnil
Date: 2017-03-29 05:41:46 +0000 (Wed, 29 Mar 2017)
New Revision: 50158

Modified:
   data/CVE/list
Log:
Mark CVE-2017-6542/putty as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-29 05:20:21 UTC (rev 50157)
+++ data/CVE/list	2017-03-29 05:41:46 UTC (rev 50158)
@@ -1951,8 +1951,12 @@
 	NOT-FOR-US: Nessus
 CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...)
 	- putty 0.67-3 (bug #857642)
+	[jessie] - putty <no-dsa> (Minor issue)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
 	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
+	NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if
+	NOTE: the attacker can already be able to connect to the  Unix-domain socket
+	NOTE: representing the forwarded agent connection.
 CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
 	NOT-FOR-US: webpagetest
 CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
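
Review bot: the second added NOTE line, "the attacker can already be able to connect to the  Unix-domain socket", is ungrammatical and contains a double space. Suggest "NOTE: the attacker is already able to connect to the Unix-domain socket". The three added NOTE lines are the rationale for the `[jessie] - putty <no-dsa> (Minor issue)` entry, but they sit after the upstream advisory and fix links, so they read as general notes on CVE-2017-6542. Consider wording the first of them so it names the no-dsa decision it supports (agent forwarding enabled, which is not the default, and prior access to the forwarded agent socket).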



