CVE-2010-2221 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2221): Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
/usr/portage/sys-block/tgt/metadata.xml says herd "cluster", so I'm not sure who wants this.
Reopening for security team to close. Version bump in tree: *tgt-1.0.7 (11 Aug 2010) 11 Aug 2010; Alexey Shvetsov <alexxy@gentoo.org> -tgt-1.0.1.ebuild, +tgt-1.0.7.ebuild, metadata.xml: Verson bump. Also this will fix bug #329933
Thanks. Closing noglsa.