Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 16 Mar 2016 09:43:36 +0100
From: Tomas Hoger <>
To: Gsunde Orangen <>
Subject: Re: Re: Announce: Portable OpenSSH 7.2p2 released

On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote:

> It should be noted, that the new openSSH 7.2p2 also includes the fix for
> CVE-2016-1908 as it had been assigned here:
> * SECURITY: Eliminate the fallback from untrusted X11-forwarding to
>   trusted forwarding for cases when the X server disables the
>   SECURITY extension. Reported by Thomas Hoger.

7.2p2 includes the fix, but it's not the first version that includes
it.  I see it documented in 7.2 release:

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY

and patches included in 7.2p1 already.

Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ