[Secure-testing-team] Bug#790798: CVE-2015-5352

Moritz Muehlenhoff mmuhlenhoff at wikimedia.org
Wed Jul 1 19:31:37 UTC 2015


Source: openssh
Severity: important
Tags: security

Hi Colin,
CVE-2015-5352 was assigned to this change from 6.9:

>  * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
>    connections made after ForwardX11Timeout expired could be permitted
>    and no longer subject to XSECURITY restrictions because of an
>    ineffective timeout check in ssh(1) coupled with "fail open"
>    behaviour in the X11 server when clients attempted connections with
>    expired credentials. This problem was reported by Jann Horn.

Fix:
https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d

I don't think this warrants a DSA, we can line up the fix for a future
DSA or a jessie point update. Or do you disagree?

Cheers,
        Moritz


