[Git][security-tracker-team/security-tracker][master] Reference report about CVE-2023-51385 and CVE-2023-6004

Tue, 26 Dec 2023 12:55:43 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86aed096 by Salvatore Bonaccorso at 2023-12-26T21:54:51+01:00
Reference report about CVE-2023-51385 and CVE-2023-6004

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1449,6 +1449,7 @@ CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command 
injection might occur i
        - openssh 1:9.6p1-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
        NOTE: 
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
 (V_9_6_P1)
+       NOTE: 
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
 CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination 
constraints ca ...)
        - openssh 1:9.6p1-1
        [bookworm] - openssh 1:9.2p1-2+deb12u2
@@ -6209,6 +6210,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements 
abstract layer for mess
 CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code 
through hostname]
        - libssh 0.10.6-1 (bug #1059061)
        NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
+       NOTE: 
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
        NOTE: 
https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19
 (libssh-0.10.6)
        NOTE: 
https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3
 (libssh-0.10.6)
        NOTE: 
https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1
 (libssh-0.10.6)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86aed096f46f17921d14dd5fbc46dc79d83a3498

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86aed096f46f17921d14dd5fbc46dc79d83a3498
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to