svn commit: r408890 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sun Feb 14 21:18:41 UTC 2016
Author: junovitch
Date: Sun Feb 14 21:18:39 2016
New Revision: 408890
URL: https://svnweb.freebsd.org/changeset/ports/408890
Log:
Add CVE to the OpenSSH 7.0.p1 entry and also mention CVE-2015-6565
Security: CVE-2015-6563
Security: CVE-2015-6564
Security: CVE-2015-6565
Security: https://vuxml.FreeBSD.org/freebsd/2920c449-4850-11e5-825f-c80aa9043978.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Feb 14 21:07:04 2016 (r408889)
+++ head/security/vuxml/vuln.xml Sun Feb 14 21:18:39 2016 (r408890)
@@ -11174,6 +11174,10 @@ Notes:
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://www.openssh.com/txt/release-7.0">
+ <p>OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable.
+ Local attackers may be able to write arbitrary messages to
+ logged-in users, including terminal escape sequences. Reported
+ by Nikolay Edigaryev.</p>
<p>Fixed a privilege separation
weakness related to PAM support. Attackers who could successfully
compromise the pre-authentication process for remote code
@@ -11188,11 +11192,14 @@ Notes:
</description>
<references>
<url>http://www.openssh.com/txt/release-7.0</url>
+ <cvename>CVE-2015-6563</cvename>
+ <cvename>CVE-2015-6564</cvename>
+ <cvename>CVE-2015-6565</cvename>
</references>
<dates>
<discovery>2015-08-11</discovery>
<entry>2015-08-21</entry>
- <modified>2016-01-15</modified>
+ <modified>2016-02-14</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list