Summary: | <net-misc/openssh-7.9_p1-r4: multiple vulnerabilities (CVE-2019-{6109,6110,6111}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, holgersson, phmagic, ps, robbat2 |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=697046 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | net-misc/openssh-7.9_p1-r4 | Runtime testing required: | --- |
Bug Depends on: | 661258 | ||
Bug Blocks: | 675520, 675526 |
Description
GLSAMaker/CVETool Bot
2019-01-15 17:50:31 UTC
Upstream doesn't consider (some of?) these scp issues as a bug, according to the debian tracker of CVE-2019-6110: https://security-tracker.debian.org/tracker/CVE-2019-6110

However, CVE-2019-6109 and CVE-2019-6111 have been fixed: https://www.debian.org/security/2019/dsa-4387

Best regards.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40935d5171a88ca21159ee9db7c2d780b4473a22

commit 40935d5171a88ca21159ee9db7c2d780b4473a22
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-03-03 02:46:29 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-03-03 02:46:41 +0000

net-misc/openssh: add some patches, including CVE-2019-6111

Bug: https://bugs.gentoo.org/show_bug.cgi?id=675522
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-misc/openssh/Manifest | 2 +
net-misc/openssh/openssh-7.9_p1-r3.ebuild | 468 ++++++++++++++++++++++++++++++
2 files changed, 470 insertions(+)

amd64 stable

arm64 stable

Please proceed with =net-misc/openssh-7.9_p1-r4

x86 stable

hppa and sparc done

arm stable

alpha stable

ppc/ppc64 stable

With all the supported arches done, we are going to issue the GLSA. Remaining arches please complete stabilization, and clean-up

ia64 stable

s390 stable

sh stable

m68k stable

This issue was resolved and addressed in GLSA 201903-16 at https://security.gentoo.org/glsa/201903-16 by GLSA coordinator Aaron Bauman (b-man).

re-opened to track cleanup and fixing of twist

Version 8.0 was released today.

@base-system, can this be cleaned yet?

Unable to check for sanity:
> no match for package: net-misc/openssh-7.9_p1-r4
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=564f650e05897641af79a977599733c16dab7883

commit 564f650e05897641af79a977599733c16dab7883
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-21 11:29:28 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-21 11:29:49 +0000

net-misc/openssh: security cleanup

Bug: https://bugs.gentoo.org/675522
Bug: https://bugs.gentoo.org/697046
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-misc/openssh/Manifest | 19 -
.../files/openssh-7.3-mips-seccomp-n32.patch | 21 -
.../files/openssh-7.5_p1-CVE-2017-15906.patch | 31 --
.../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch | 351 ----------------
.../openssh/files/openssh-7.5_p1-cross-cache.patch | 39 --
.../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch | 67 ---
.../files/openssh-7.5_p1-s390-seccomp.patch | 27 --
.../openssh/files/openssh-7.5_p1-x32-typo.patch | 25 --
.../openssh/files/openssh-7.7_p1-GSSAPI-dns.patch | 351 ----------------
.../openssh/files/openssh-7.8_p1-GSSAPI-dns.patch | 359 ----------------
.../files/openssh-7.9_p1-CVE-2018-20685.patch | 16 -
.../files/openssh-7.9_p1-X509-11.6-tests.patch | 12 -
...openssh-7.9_p1-X509-dont-make-piddir-11.6.patch | 16 -
.../files/openssh-7.9_p1-X509-glue-11.6.patch | 28 --
.../files/openssh-7.9_p1-hpn-X509-glue.patch | 79 ----
.../openssh/files/openssh-7.9_p1-hpn-glue.patch | 112 -----
.../files/openssh-7.9_p1-hpn-openssl-1.1.patch | 91 ----
.../files/openssh-7.9_p1-hpn-sctp-glue.patch | 17 -
.../openssh-7.9_p1-openssl-1.0.2-compat.patch | 13 -
.../openssh/files/openssh-8.0_p1-GSSAPI-dns.patch | 359 ----------------
.../files/openssh-8.0_p1-X509-12.1-tests.patch | 11 -
...integer-overflow-similar-to-the-XMSS-case.patch | 76 ----
...eger-overflow-in-XMSS-private-key-parsing.patch | 14 -
.../files/openssh-8.0_p1-hpn-X509-glue.patch | 114 -----
.../openssh/files/openssh-8.0_p1-hpn-glue.patch | 194 ---------
net-misc/openssh/files/openssh-8.0_p1-tests.patch | 43 --
net-misc/openssh/metadata.xml | 2 -
net-misc/openssh/openssh-7.5_p1-r5.ebuild | 335 ---------------
net-misc/openssh/openssh-7.7_p1-r10.ebuild | 445 --------------------
net-misc/openssh/openssh-7.9_p1-r5.ebuild | 468 ---------------------
net-misc/openssh/openssh-8.0_p1-r5.ebuild | 465 --------------------
31 files changed, 4200 deletions(-)

All done.