oss-sec mailing list archives

Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)


From: Salvatore Bonaccorso <carnil () debian org>
Date: Fri, 11 Aug 2017 21:24:47 +0200

Hi

On Fri, Aug 11, 2017 at 01:40:33PM +0200, Salvatore Bonaccorso wrote:
> hi
>
> On Fri, Aug 11, 2017 at 10:10:18AM +0200, Andreas Stieger wrote:
> > On 08/11/2017 01:32 AM, Hank Leininger wrote:
> > > SSH command injection via -o... impacts CVS 1.12.x as well
> > > [...]
> > > I don't know if these were discussed on a private list prior to publication, and whether that discussion included CVS.
> >
> > cvs did not come up in the private discussions that I am aware of,
> > thanks for pointing it out.
>
> FWIW, I have requested a CVE via the MITRE webform. Will followup here
> once/if it gets assigned.

CVE-2017-12836 was assigned for this issue.

Regards,
Salvatore

