[Secure-testing-commits] r57117 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 29 18:28:47 UTC 2017
Author: carnil
Date: 2017-10-29 18:28:45 +0000 (Sun, 29 Oct 2017)
New Revision: 57117
Modified:
data/CVE/list
Log:
Add dulwich issue, similar to CVE-2017-1000117 but should get a separate CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-29 18:07:53 UTC (rev 57116)
+++ data/CVE/list 2017-10-29 18:28:45 UTC (rev 57117)
@@ -9052,6 +9052,10 @@
NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
+CVE-2017-XXXX [dulwich: Prevents setting SSH arguments from SSH URLs when using SSH through a subprocess]
+ - dulwich 0.18.5-1
+ NOTE: This is similar class of issue as for CVE-2017-1000117/git
+ NOTE: But needs a separate CVE since different codebasis.
CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an ...)
{DSA-3934-1 DLA-1068-1}
- git 1:2.14.1-1
More information about the Secure-testing-commits
mailing list