oss-sec mailing list archives
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 15 Jan 2016 15:03:33 +0100
On Thu, 2016-01-14 at 09:13 -0800, Qualys Security Advisory wrote:
> Qualys Security Advisory
> Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
This is not directly related to the Qualys advisory, but the 7.1p2 OpenSSH release [1] fixes another vulnerability; could a CVE be assigned?

    SECURITY: Fix an out of-bound read access in the packet handling code. Reported by Ben Hawkes [2]

There's also a fix [3] related to X11 forwarding which seems different than the fix which went into OpenSSH 6.9 [4,5]. I'm not sure if it deserves a CVE or not.

[1] http://www.openssh.com/txt/release-7.1p2
[2] https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
[3] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[4] http://www.openssh.com/txt/release-6.9
[5] https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9_P1&id=1bf477d3cdf1a864646d59820878783d42357a1d

--
Yves-Alexis