Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e74c3720 by Salvatore Bonaccorso at 2018-09-10T07:43:56Z
Drop postponed tags

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29052,7 +29052,6 @@ CVE-2016-10709 (pfSense before 2.3 allows remote 
authenticated users to execute
 CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a 
denial of ...)
        {DLA-1257-1}
        - openssh 1:7.4p1-1
-       [jessie] - openssh <postponed> (Minor issue)
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
        NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
        NOTE: Flaw is not crashing the whole sshd daemon, rather the privsep 
process
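Review bot: the commit message says only "Drop postponed tags", so nothing records why the "[jessie] - openssh <postponed> (Minor issue)" line under CVE-2016-10708 is removed rather than replaced. After this hunk the entry has no release-specific line at all, only "{DLA-1257-1}" and "- openssh 1:7.4p1-1". Suggest adding a sentence to the commit message that names the package and release and says what state jessie is expected to have now.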
@@ -49753,7 +49752,6 @@ CVE-2017-15907 (SQL injection vulnerability in 
phpCollab 2.5.1 and earlier allow
 CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 
7.6 does ...)
        - openssh 1:7.6p1-1 (low)
        [stretch] - openssh 1:7.4p1-10+deb9u3
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: 
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
 CVE-2017-15905
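Review bot: under CVE-2017-15906 the jessie line is deleted while "[stretch] - openssh 1:7.4p1-10+deb9u3" and "[wheezy] - openssh <no-dsa> (Minor issue)" stay, which leaves jessie with no explicit state between them. If jessie has a fixed version, record it the way the stretch line does; if the issue is still open there and no update is planned, a "<no-dsa>" line like wheezy's would keep the triage decision visible.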
@@ -86957,14 +86955,12 @@ CVE-2016-10013 (Xen through 4.8.x allows local 64-bit 
x86 HVM guest OS users to
        NOTE: https://xenbits.xen.org/xsa/advisory-204.html
 CVE-2016-10012 (The shared memory manager (associated with pre-authentication 
...)
        - openssh 1:7.4p1-1 (low; bug #848717)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
 CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly 
consider ...)
        - openssh 1:7.4p1-1 (low; bug #848716)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
@@ -86975,7 +86971,6 @@ CVE-2016-10010 (sshd in OpenSSH before 7.4, when 
privilege separation is not use
        NOTE: Privilege separation is enabled in the Debian package
 CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in 
ssh-agent in ...)
        - openssh 1:7.4p1-1 (low; bug #848714)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
@@ -106240,7 +106235,6 @@ CVE-2016-6517 (Directory traversal vulnerability in 
Liferay 5.1.0 allows remote
 CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH 
before ...)
        {DLA-594-1}
        - openssh 1:7.3p1-1 (bug #833823)
-       [jessie] - openssh <postponed> (Minor issue; can be included in future 
DSA or via point release)
        NOTE: Fixed by: 
https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97
 CVE-2016-6514
        RESERVED
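Review bot: the line removed under CVE-2016-6515 is the only one in this entry that carried the triage rationale "can be included in future DSA or via point release", and none of the remaining lines preserves it. If that fix has since shipped for jessie, replace the line with the fixed version; otherwise keep the rationale as a NOTE so it is not lost.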
@@ -117919,7 +117913,6 @@ CVE-2016-3116 (CRLF injection vulnerability in 
Dropbear SSH before 2016.72 allow
        NOTE: Fixed in 2016.72 upstream
 CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in 
...)
        - openssh 1:7.2p2-1
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: http://www.openssh.com/txt/x11fwd.adv
        NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
@@ -122262,7 +122255,6 @@ CVE-2016-1716 (AppleGraphicsPowerManagement in Apple 
OS X before 10.11.3 allows
        NOT-FOR-US: Apple
 CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie 
generation ...)
        - openssh 1:7.2p1-1
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        [squeeze] - openssh <no-dsa> (Minor issue)
        NOTE: Upstream commit: 
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
@@ -134915,14 +134907,12 @@ CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses 
world-writable permissions for T
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
 CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on 
non-OpenBSD ...)
        - openssh 1:6.9p1-1 (bug #795711)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        [squeeze] - openssh <no-dsa> (Minor issue)
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
 CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx 
function in ...)
        - openssh 1:6.9p1-1 (bug #795711)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        [squeeze] - openssh <no-dsa> (Minor issue)
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
@@ -136034,7 +136024,6 @@ CVE-2015-5601
 CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in 
OpenSSH ...)
        {DLA-288-1}
        - openssh 1:6.9p1-1 (bug #793616)
-       [jessie] - openssh <postponed> (Minor issue; not in default 
configurations)
        [wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
        NOTE: http://seclists.org/fulldisclosure/2015/Jul/92
        NOTE: Affects configurations that have KbdInteractiveAuthentication set
@@ -137747,7 +137736,6 @@ CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote 
configuration enabled allo
 CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH 
before ...)
        {DLA-288-1}
        - openssh 1:6.9p1-1 (bug #790798)
-       [jessie] - openssh <postponed> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
        NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e74c372074307375ee7d2e1a42aa53945ce8e3f3
