Date: Fri, 11 Aug 2017 10:10:18 +0200 From: Andreas Stieger <astieger@...e.com> To: oss-security@...ts.openwall.com Subject: Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) On 08/11/2017 01:32 AM, Hank Leininger wrote: > SSH command injection via -o... impacts CVS 1.12.x as well > [...] > I don't know if these were discussed on a private list prior to publication, and whether that discussion included CVS. cvs did not come up in the private discussions that I am aware of, thanks for pointing it out. Andreas -- Andreas Stieger <astieger@...e.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ