[Secure-testing-commits] r57118 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 29 18:34:27 UTC 2017
Author: carnil
Date: 2017-10-29 18:34:27 +0000 (Sun, 29 Oct 2017)
New Revision: 57118
Modified:
data/CVE/list
Log:
Add commit reference for dulwich issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-29 18:28:45 UTC (rev 57117)
+++ data/CVE/list 2017-10-29 18:34:27 UTC (rev 57118)
@@ -9054,6 +9054,7 @@
NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2017-XXXX [dulwich: Prevents setting SSH arguments from SSH URLs when using SSH through a subprocess]
- dulwich 0.18.5-1
+ NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
NOTE: This is similar class of issue as for CVE-2017-1000117/git
NOTE: But needs a separate CVE since different codebasis.
CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an ...)
More information about the Secure-testing-commits
mailing list