[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of openssh?

On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > I believe Yves-Alexis Perez is handing this.
> > 
> > I figured Mike's mail is related to
> > 
> >     TEMP-0000000 Eliminate the fallback from untrusted X11-forwarding to
> > trusted forwarding for cases when the X server disables the SECURITY
> > extension
> > 
> > not to CVE-2016-0777 CVE-2016-0778?
> 
> We've not yet investigated the other, CVE-less vulnerabilities fixed by the
> last OpenSSH release (whether for the current stables or for LTS).

I don't see how "TEMP-0000000 Eliminate the fallback from untrusted X11-forwarding to
trusted forwarding for cases when the X server disables the SECURITY
extension" has additional security implications not covered by CVE-2015-5352?

Cheers,
        Moritz
Reply to: