diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-20 15:16:18 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-20 15:16:18 +0100 |
| commit | 012a35968771c75e867267b0d23d3372d078834d (patch) | |
| tree | dd88b495e9caca44dd39feb5ab5fe4c114f3927a | |
| parent | 156312a01bc8aa218e83280a98566bf8817ce1db (diff) | |
Add initial notes for CVE-2016-20013
| -rw-r--r-- | data/CVE/2016.list | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index cef3871438..8a75a71ddd 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,5 +1,8 @@ CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...) - TODO: check + NOTE: https://akkadia.org/drepper/SHA-crypt.txt + NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ + NOTE: https://twitter.com/solardiz/status/795601240151457793 + TODO: check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) - openssh <unfixed> (unimportant) NOTE: https://github.com/openssh/openssh-portable/pull/270 |