[Git][security-tracker-team/security-tracker][master] Reference report about CVE-2023-51385 and CVE-2023-6004

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 26 20:55:31 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86aed096 by Salvatore Bonaccorso at 2023-12-26T21:54:51+01:00
Reference report about CVE-2023-51385 and CVE-2023-6004

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1449,6 +1449,7 @@ CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur i
 	- openssh 1:9.6p1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
+	NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
 CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...)
 	- openssh 1:9.6p1-1
 	[bookworm] - openssh 1:9.2p1-2+deb12u2
@@ -6209,6 +6210,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for mess
 CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code through hostname]
 	- libssh 0.10.6-1 (bug #1059061)
 	NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
+	NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86aed096f46f17921d14dd5fbc46dc79d83a3498

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86aed096f46f17921d14dd5fbc46dc79d83a3498
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231226/5c0d6f65/attachment.htm>

More information about the debian-security-tracker-commits mailing list