Date: Wed, 16 Mar 2016 09:43:36 +0100 From: Tomas Hoger <thoger@...hat.com> To: Gsunde Orangen <gsunde.orangen@...il.com> Cc: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: Re: Re: Announce: Portable OpenSSH 7.2p2 released On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote: > It should be noted, that the new openSSH 7.2p2 also includes the fix for > CVE-2016-1908 as it had been assigned here: > http://seclists.org/oss-sec/2016/q1/115 > > * SECURITY: Eliminate the fallback from untrusted X11-forwarding to > trusted forwarding for cases when the X server disables the > SECURITY extension. Reported by Thomas Hoger. 7.2p2 includes the fix, but it's not the first version that includes it. I see it documented in 7.2 release: http://www.openssh.com/txt/release-7.2 * ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension. and patches included in 7.2p1 already. -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.