[Secure-testing-commits] r57121 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Oct 29 21:37:31 UTC 2017
Author: jmm
Date: 2017-10-29 21:37:30 +0000 (Sun, 29 Oct 2017)
New Revision: 57121
Modified:
data/CVE/list
Log:
dulwich CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-29 21:10:17 UTC (rev 57120)
+++ data/CVE/list 2017-10-29 21:37:30 UTC (rev 57121)
@@ -1,5 +1,10 @@
CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote ...)
- TODO: check
+ - dulwich 0.18.5-1
+ [stretch] - dulwich <no-dsa> (Minor issue)
+ [jessie] - dulwich <no-dsa> (Minor issue)
+ NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
+ NOTE: This is similar class of issue as for CVE-2017-1000117/git
+ NOTE: But needs a separate CVE since different codebasis.
CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 ...)
TODO: check
CVE-2017-16226
@@ -9912,13 +9917,6 @@
NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
-CVE-2017-XXXX [dulwich: Prevents setting SSH arguments from SSH URLs when using SSH through a subprocess]
- - dulwich 0.18.5-1
- [stretch] - dulwich <no-dsa> (Minor issue)
- [jessie] - dulwich <no-dsa> (Minor issue)
- NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
- NOTE: This is similar class of issue as for CVE-2017-1000117/git
- NOTE: But needs a separate CVE since different codebasis.
CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an ...)
{DSA-3934-1 DLA-1068-1}
- git 1:2.14.1-1
More information about the Secure-testing-commits
mailing list