Date: Fri, 11 Aug 2017 21:24:47 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Hi On Fri, Aug 11, 2017 at 01:40:33PM +0200, Salvatore Bonaccorso wrote: > hi > > On Fri, Aug 11, 2017 at 10:10:18AM +0200, Andreas Stieger wrote: > > On 08/11/2017 01:32 AM, Hank Leininger wrote: > > > SSH command injection via -o... impacts CVS 1.12.x as well > > > [...] > > > I don't know if these were discussed on a private list prior to publication, and whether that discussion included CVS. > > > > cvs did not come up in the private discussions that I am aware of, > > thanks for pointing it out. > > FWIW, I have requested a CVE via the MITRE webform. Will followup here > once/if it gets assigned. CVE-2017-12836 was assigned for this issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ