Date: Fri, 11 Aug 2017 21:24:47 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)

Hi

On Fri, Aug 11, 2017 at 01:40:33PM +0200, Salvatore Bonaccorso wrote:
> hi
> 
> On Fri, Aug 11, 2017 at 10:10:18AM +0200, Andreas Stieger wrote:
> > On 08/11/2017 01:32 AM, Hank Leininger wrote:
> > > SSH command injection via -o... impacts CVS 1.12.x as well
> > > [...]
> > > I don't know if these were discussed on a private list prior to publication, and whether that discussion included CVS.
> > 
> > cvs did not come up in the private discussions that I am aware of,
> > thanks for pointing it out.
> 
> FWIW, I have requested a CVE via the MITRE webform. Will follow up here
> once/if it gets assigned.

CVE-2017-12836 was assigned for this issue.

Regards,
Salvatore
