CVE-2014-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2830): Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
Maintainers: please CC arch teams if 6.4 is ready for stabilization.
@arch_teams, please stabilize =net-fs/cifs-utils-6.4
*** Bug 549198 has been marked as a duplicate of this bug. ***
amd64 : ok (builds, runs)
amd64 stable
Stable for HPPA PPC64.
x86 stable
ppc stable
arm stable
sparc stable
alpha stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Maintainer(s), please drop the vulnerable version(s).
Please clean.
commit aa17a42524f5b3a67e8565b9b333ff9206f0b625
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat Jun 11 14:14:51 2016
    net-fs/cifs-utils: Security cleanup (bug 552634).
    Package-Manager: portage-2.2.28
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
This issue was resolved and addressed in GLSA 201612-08 at https://security.gentoo.org/glsa/201612-08 by GLSA coordinator Aaron Bauman (b-man).