[Secure-testing-team] Bug#848714: openssh: CVE-2016-10009
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 19 19:25:45 UTC 2016
Source: openssh
Version: 1:7.3p1-5
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for openssh.
CVE-2016-10009[0]:
|ssh-agent(1): load PKCS#11 modules from paths outside a trusted
|whitelist
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009
Please adjust the affected versions in the BTS as needed. Note, I'm
opening individual bugs for the four assigned CVEs. The reason is that
is is not yet triaged if the set of common affected versions is the
same for all. This allows us to track the CVEs in BTS.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list