CVE-2014-1692

Jason L Tibbitts III tibbs at math.uh.edu
Fri Jan 31 08:45:15 EST 2014


>>>>> "AB" == Alex Bligh <alex at alex.org.uk> writes:

AB> If one is allowed to modify files in order to trigger security
AB> vulnerabilities, I think I could find some rather more obvious
AB> modifications to do with rather more serious impacts.

The original filing is interesting; there was confusion about whether it
qualified for a CVE at all, and the rationale by the assignment team is
given in a reply.

http://openwall.com/lists/oss-security/2014/01/29/2

 - J<


More information about the openssh-unix-dev mailing list