Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3f5e9d0b by Salvatore Bonaccorso at 2023-07-19T22:45:39+02:00
Update references for CVE-2023-38408/openssh
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,13 @@
CVE-2023-38408 [Remote Code Execution in OpenSSH's forwarded ssh-agent]
- openssh <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
+ NOTE:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
+ NOTE:
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
+ NOTE:
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
+ NOTE:
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
+ NOTE: Exploitation requires the presence of specific libraries on the
victim system.
+ NOTE: Remote exploitation requires that the agent was forwarded to an
attacker-controlled
+ NOTE: system.
CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow
prior to 2. ...)
TODO: check
CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been
declared ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5e9d0b3c5457787c6f23b8882c109835679762
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5e9d0b3c5457787c6f23b8882c109835679762
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
