Date: Fri, 15 Jan 2016 15:03:33 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, openssh@...nssh.com
Subject: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

On Thu, 2016-01-14 at 09:13 -0800, Qualys Security Advisory wrote:
> Qualys Security Advisory
>
> Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

This is not directly related to the Qualys advisory, but the 7.1p2 OpenSSH release [1] fixes another vulnerability, could a CVE be assigned?

  SECURITY: Fix an out of-bound read access in the packet handling code.
  Reported by Ben Hawkes [2]

There's also a fix [3] related to X11 forwarding which seems different than the fix which went into OpenSSH 6.9 [4,5]. I'm not sure if it deserves a CVE or not.

[1] http://www.openssh.com/txt/release-7.1p2
[2] https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
[3] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[4] http://www.openssh.com/txt/release-6.9
[5] https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9_P1&id=1bf477d3cdf1a864646d59820878783d42357a1d

--
Yves-Alexis