Attachment 196995 Details for Bug 230151 – vuxml

[patch] vuxml

vuxml (text/plain), 1.35 KB, created by Nathan on 2018-09-10 01:40:54 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nathan

Created: 2018-09-10 01:40:54 UTC

Size: 1.35 KB

patch

obsolete

>Index: security/vuxml/vuln.xml
>===================================================================
>--- security/vuxml/vuln.xml	(revision 479322)
>+++ security/vuxml/vuln.xml	(working copy)
>@@ -58,6 +58,33 @@
>   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+  <vuln vid="0e8f496a-b498-11e8-bdcf-74d435e60b7c">
>+    <topic>py-asyncssh -- Allows bypass of authentication</topic>
>+    <affects>
>+      <package>
>+	<name>py-asyncssh</name>
>+	<range><lt>1.12.1</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>mitre.org Reports:</p>
>+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749">
>+		<p>The SSH server implementation of AsyncSSH before 1.12.1 does not properly check
>+		whether authentication is completed before processing other requests
>+		A customized SSH client can simply skip the authentication step. </p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749</url>
>+    </references>
>+    <dates>
>+      <discovery>2018-03-07</discovery>
>+      <entry>2018-03-10</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="2a92555f-a6f8-11e8-8acd-10c37b4ac2ea">
>     <topic>links -- denial of service</topic>
>     <affects>

Flags:

ndowens04: maintainer-approval+

Actions: View | Diff

Attachments on bug 230151: 195595 | 195731 | 195735 | 195736 | 196995 | 196997