[Git][security-tracker-team/security-tracker][master] Update references for CVE-2023-38408/openssh

Wed Jul 19 21:46:21 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f5e9d0b by Salvatore Bonaccorso at 2023-07-19T22:45:39+02:00
Update references for CVE-2023-38408/openssh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,13 @@
 CVE-2023-38408 [Remote Code Execution in OpenSSH's forwarded ssh-agent]
 	- openssh <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
+	NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
+	NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
+	NOTE: https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
+	NOTE: https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
+	NOTE: Exploitation requires the presence of specific libraries on the victim system.
+	NOTE: Remote exploitation requires that the agent was forwarded to an attacker-controlled
+	NOTE: system.
 CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
 	TODO: check
 CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been declared ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5e9d0b3c5457787c6f23b8882c109835679762

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5e9d0b3c5457787c6f23b8882c109835679762
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230719/2c11b022/attachment.htm>
