diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-20 15:16:18 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-20 15:16:18 +0100 |
| commit | c0f08c9c0a28de4c58a8d157f0ba73b4da839d36 (patch) | |
| tree | 476072943af294058a38340856bf25626faba5c5 | |
| parent | eac9a652cf210821a8370918182fac3b39a47ace (diff) | |
Add initial notes for CVE-2016-20013
| -rw-r--r-- | data/CVE/list.2016 | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index cef3871438..8a75a71ddd 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 @@ -1,5 +1,8 @@ CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...) - TODO: check + NOTE: https://akkadia.org/drepper/SHA-crypt.txt + NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ + NOTE: https://twitter.com/solardiz/status/795601240151457793 + TODO: check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) - openssh <unfixed> (unimportant) NOTE: https://github.com/openssh/openssh-portable/pull/270 |