[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of openssh?

On 2016-01-30 11:26:59, Antoine Beaupré wrote:
> The problem is, from what I understand, there is no way to fix
> CVE-2016-1908 while ForwardX11Trusted is set to "yes". Basically, that
> setting makes the whole exploit unnecessary because there's no
> protection to workaround.
> I am therefore tempted to agree with Guido that we should just mark this
> as no-dsa and move on, because, unless users have explicitely disable
> ForwardX11Trusted, it's impossible for us to fix that security issue for
> them.

I went ahead and did just that.


A genius is someone who discovers that the stone that falls and the
moon that doesn't fall represent one and the same phenomenon.
                         - Ernesto Sabato

Reply to: