oss-sec mailing list archives
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 20 Aug 2017 21:49:05 +0200
Hi, There's now an inofficial patch: https://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7 Developed by Thorsten Glaser for MirBSD and Debian: https://www.mirbsd.org/permalinks/wlog-10_e20170811-tg.htm https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810 Debian Security Advisory: https://www.debian.org/security/2017/dsa-3940 -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVS and ssh command injection (see CVE-2017-1000117, etc.) Hank Leininger (Aug 10)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Hanno Böck (Aug 20)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger (Aug 11)