On 2016-01-30 11:26:59, Antoine Beaupré wrote:
> The problem is, from what I understand, there is no way to fix
> CVE-2016-1908 while ForwardX11Trusted is set to "yes". Basically, that
> setting makes the whole exploit unnecessary because there's no
> protection to work around.
>
> I am therefore te
On 2016-01-29 20:27:43, Colin Watson wrote:
> On Fri, Jan 29, 2016 at 04:36:58PM -0500, Antoine Beaupré wrote:
>> So this definitely needs coordination with the openssh maintainers at
>> this point, to at least confirm or infirm the "usability over security"
>> decision that happened all that while
On Fri, Jan 29, 2016 at 04:36:58PM -0500, Antoine Beaupré wrote:
> So this definitely needs coordination with the openssh maintainers at
> this point, to at least confirm or infirm the "usability over security"
> decision that happened all that while ago.
I did that recently, and came to the conclu
On 2016-01-23 06:50:51, Guido Günther wrote:
> I had a look at RedHat's analysis[1] and at Squeeze, Wheezy and Jessie:
>
> * Squeeze and Wheezy don't run "xhost +si:localuser:`id -un`" from
> xinit but we do so from Jessie on
> * we have the security extension enabled
>
> however Debi
On 2016-01-23 06:50:51, Guido Günther wrote:
> Hi Colin,
> On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote:
>> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
>> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
>> > > > I believe Yves-Alexis Perez is handin
Hi Colin,
On Fri, Jan 15, 2016 at 02:01:44PM +, Colin Watson wrote:
> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > > I believe Yves-Alexis Perez is handling this.
> > >
> > > I figured Mike's mail is relate
Hi Yves,
On Fr 15 Jan 2016 14:50:33 CET, Yves-Alexis Perez wrote:
On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> I believe Yves-Alexis Perez is handling this.
I figured Mike's mail is related to
TEMP-000 Eliminate the fallback from untrusted X11-forwarding to
trusted forw
Hi,
On Fri, Jan 15, 2016 at 02:55:43PM +0100, Moritz Muehlenhoff wrote:
> On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> > On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > > I believe Yves-Alexis Perez is handling this.
> > >
> > > I figured Mike's mail is relat
On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > I believe Yves-Alexis Perez is handling this.
> >
> > I figured Mike's mail is related to
> >
> > TEMP-000 Eliminate the fallback from untrusted X11-forwardin
On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > I believe Yves-Alexis Perez is handling this.
> >
> > I figured Mike's mail is related to
> >
> > TEMP-000 Eliminate the fallback from untrusted X11-forwardin
On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > I believe Yves-Alexis Perez is handling this.
>
> I figured Mike's mail is related to
>
> TEMP-000 Eliminate the fallback from untrusted X11-forwarding to
> trusted forwarding for cases when the X server disables the SECURITY
> e
Hi,
On Fri, Jan 15, 2016 at 01:35:37PM +, Ben Hutchings wrote:
> On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> > Hello dear maintainer(s),
> >
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of openssh:
> > https://se
On Fri, 2016-01-15 at 14:37 +0100, Yves-Alexis Perez wrote:
> On ven., 2016-01-15 at 13:35 +, Ben Hutchings wrote:
> > On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> > > Hello dear maintainer(s),
> > >
> > > the Debian LTS team would like to fix the security issues which are
> > > cu
On ven., 2016-01-15 at 13:35 +, Ben Hutchings wrote:
> On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> > Hello dear maintainer(s),
> >
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of openssh:
> > https://security-tra
On Fri, 2016-01-15 at 11:46 +0100, Mike Gabriel wrote:
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of openssh:
> https://security-tracker.debian.org/tracker/source-package/openssh
>
> Would you like to
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of openssh:
https://security-tracker.debian.org/tracker/source-package/openssh
Would you like to take care of this yourself?
If yes, please follow the workflow we h
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of openssh:
https://security-tracker.debian.org/tracker/CVE-2015-5352
Would you like to take care of this yourself? We are still understaffed so
any help is always