Hi Yves, On Fr 15 Jan 2016 14:50:33 CET, Yves-Alexis Perez wrote:
On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:> I believe Yves-Alexis Perez is handing this. I figured Mike's mail is related to TEMP-0000000 Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension not to CVE-2016-0777 CVE-2016-0778?We've not yet investigated the other, CVE-less vulnerabilities fixed by the last OpenSSH release (whether for the current stables or for LTS). Regards,
I marked openssh as not-affected by one of those TEMP issues, the other one (X11 SECURITY / ssh -X issue) should get fixed IMHO.
Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
pgp9mVwjvHv0X.pgp
Description: Digitale PGP-Signatur