Hi, there has been a vulnerability since early 2006 for that package with upstream dead. This package is p.masked waiting for a solution.
Calling a vote for a maskglsa; I vote yes since it seems, according to HumpBack, that there are actually some users using it.
agreed
It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/
(In reply to comment #3)
> It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/
So will you apply it or will it be masked and removed eventually?
FYI it was GLSA 200703-13
Created attachment 133031
patch-lib::sshfilexfer::sshfilexfers.c
Patch as shipped by FreeBSD
Humpback, the patch looks really simple. Please review and apply, then we could unmask this again.
Removed older -r1 and added keyworded -r2 that has the patch. You guys are free to unmask it as soon as the glsa is announced.
removed from tree -> WONTFIX