Bug#444738: CVE-2007-4752 privilege escalation



Package: openssh
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openssh.

CVE-2007-4752[0]:
| ssh in OpenSSH before 4.7 does not properly handle when an untrusted
| cookie cannot be created and uses a trusted X11 cookie instead, which
| allows attackers to violate intended policy and gain privileges by
| causing an X client to be treated as trusted.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

As far as I can see the fix for this issue is:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
