On Fri, Jan 15, 2016 at 02:50:33PM +0100, Yves-Alexis Perez wrote:
> On ven., 2016-01-15 at 14:47 +0100, Guido Günther wrote:
> > > I believe Yves-Alexis Perez is handling this.
> >
> > I figured Mike's mail is related to
> >
> > TEMP-0000000 Eliminate the fallback from untrusted X11-forwarding to
> > trusted forwarding for cases when the X server disables the SECURITY
> > extension
> >
> > not to CVE-2016-0777 CVE-2016-0778?
>
> We've not yet investigated the other, CVE-less vulnerabilities fixed by the
> last OpenSSH release (whether for the current stables or for LTS).

I don't see how "TEMP-0000000 Eliminate the fallback from untrusted
X11-forwarding to trusted forwarding for cases when the X server disables
the SECURITY extension" has additional security implications not covered by
CVE-2015-5352?

Cheers,
Moritz