Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Aug 2017 10:10:18 +0200
From: Andreas Stieger <>
Subject: Re: CVS and ssh command injection (see
 CVE-2017-1000117, etc.)

On 08/11/2017 01:32 AM, Hank Leininger wrote:
> SSH command injection via -o... impacts CVS 1.12.x as well
> [...]
> I don't know if these were discussed on a private list prior to publication, and whether that discussion included CVS.

cvs did not come up in the private discussions that I am aware of,
thanks for pointing it out.


Andreas Stieger <>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ