diff options
| author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-05-19 17:10:27 +0000 |
|---|---|---|
| committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-05-19 17:10:27 +0000 |
| commit | 5c0117831532cbf7d9b9c22ee8c693f079829e25 (patch) | |
| tree | 972fb9619fd387f8ba1a7be6db2893a3fb9e7184 /data | |
| parent | e65e23fb633b81583491b42c527c8dd267c070fa (diff) | |
need to reassess severity of openssh issue
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11930 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 66d0a4fbaa..16e1adf666 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -7865,6 +7865,9 @@ CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and S - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv) [lenny] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv) + NOTE: I don't see this as being minor (a 1 in 262,144 chance of recovering 32 plaintext bits is rather good) + NOTE: See http://www.theregister.co.uk/2009/05/19/open_ssh_hack/ + TODO: reassess severity CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...) {DTSA-179-1} - geshi 1.0.8.1-1 (medium) |