Date: Fri, 15 Jan 2016 15:03:33 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, openssh@...nssh.com
Subject: Re: Qualys Security Advisory - Roaming through the
 OpenSSH client: CVE-2016-0777 and CVE-2016-0778

On jeu., 2016-01-14 at 09:13 -0800, Qualys Security Advisory wrote:
> Qualys Security Advisory
> 
> Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

This is not directly related to the Qualys advisory, but the 7.1p2 OpenSSH
release [1] fixes another vulnerability; could a CVE be assigned?

SECURITY: Fix an out of-bound read access in the packet handling code.
Reported by Ben Hawkes [2]

There's also a fix [3] related to X11 forwarding which seems different than
the fix which went into OpenSSH 6.9 [4,5]. I'm not sure if it deserves a CVE
or not.


[1] http://www.openssh.com/txt/release-7.1p2
[2] https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
[3] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[4] http://www.openssh.com/txt/release-6.9
[5] https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9_P1&id=1bf477d3cdf1a864646d59820878783d42357a1d
-- 
Yves-Alexis

