Source: cvs
Version: 2:1.12.13+real-9
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for cvs.
CVE-2017-12836[0]:
CVS and ssh command injection
If you fix the vulnerability please also make sure to include the
CVE (Common V
tags 871810 + patch pending
thanks
Salvatore Bonaccorso dixit:
>Severity: grave
Probably not as severe, the attack vector seems minimal.
>[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
>[1] http://www.openwall.co
On Aug/11, Thorsten Glaser wrote:
> For {,{,old}old}stable-security, this should suffice:
> [...]
Would you be able to produce debdiffs for jessie and stretch, so we can
review them and give you the go-ahead to upload to security-master ?
Cheers,
--Seb
__
Sébastien Delafond dixit:
>On Aug/11, Thorsten Glaser wrote:
>> For {,{,old}old}stable-security, this should suffice:
>> [...]
>
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master ?
Yes, although they’d look
Sébastien Delafond dixit:
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master ?
OK, now that I’m waiting on the multi-hour testsuite results on sid.
(It’s mostly that, due to the extra checks, the testsuite n
5 matches
Mail list logo