Author: gilbert-guest Date: 2009-05-19 17:10:27 +0000 (Tue, 19 May 2009) New Revision: 11930 Modified: data/CVE/list Log: need to reassess severity of openssh issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-19 16:23:40 UTC (rev 11929) +++ data/CVE/list 2009-05-19 17:10:27 UTC (rev 11930) @@ -7865,6 +7865,9 @@ - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv) [lenny] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv) + NOTE: I don''t see this as being minor (a 1 in 262,144 chance of recovering 32 plaintext bits is rather good) + NOTE: See http://www.theregister.co.uk/2009/05/19/open_ssh_hack/ + TODO: reassess severity CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...) {DTSA-179-1} - geshi 1.0.8.1-1 (medium)
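Review bot: The first added NOTE is written in the first person ("I don''t see this as being minor") with no name attached and a doubled apostrophe, so a reader of data/CVE/list cannot tell whose assessment it is. Suggest wording it impersonally and saying why the 1 in 262,144 chance of recovering 32 plaintext bits outweighs the reasoning in the cbc.adv link, because the [etch] and [lenny] <no-dsa> lines above still say "Minor issue" and the unfixed line still says "low", leaving the entry contradicting itself until the TODO is resolved. The second NOTE cites only a news article; a primary reference beside it would give whoever picks up the TODO something to check the figure against.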