Date: Fri, 15 Jan 2016 15:03:33 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, openssh@...nssh.com
Subject: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

On Thu, 2016-01-14 at 09:13 -0800, Qualys Security Advisory wrote:
> Qualys Security Advisory
>
> Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

This is not directly related to the Qualys advisory, but the 7.1p2 OpenSSH
release [1] fixes another vulnerability, could a CVE be assigned?

    SECURITY: Fix an out of-bound read access in the packet handling code.
    Reported by Ben Hawkes [2]

There's also a fix [3] related to X11 forwarding which seems different than
the fix which went into OpenSSH 6.9 [4,5]. I'm not sure if it deserves a CVE
or not.

[1] http://www.openssh.com/txt/release-7.1p2
[2] https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
[3] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[4] http://www.openssh.com/txt/release-6.9
[5] https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9_P1&id=1bf477d3cdf1a864646d59820878783d42357a1d

-- 
Yves-Alexis