Hi!

I ran into https://www.exploit-db.com/exploits/40866/ recently, confirmed it to work, found the list of open bugs at https://sourceforge.net/p/netcat/bugs/?source=navbar, confirmed this https://sourceforge.net/p/netcat/bugs/62/ bug, and see no commits after 2013 at https://sourceforge.net/p/netcat/code/HEAD/tree/branches/.

I'm unsure if that exploit is a severe thing (e.g. as it relies on option -T) but gnu-netcat looks a lot more dead and buggy to me than stable. With multiple netcats around in Gentoo, maybe that's something we want to communicate to Gentoo users. How about masking it or moving it back to unstable?

Best

Sebastian

@security, could you confirm what's the current state of affairs here?
(In reply to Michał Górny from comment #1)
> @security, could you confirm what's the current state of affairs here?

Last-rites are in order.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1970be05736016d5cd4369a32756d395d01ed932

commit 1970be05736016d5cd4369a32756d395d01ed932
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-04-13 18:39:59 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-04-13 18:40:28 +0000

    package.mask: Last rite net-analyzer/gnu-netcat

    Bug: https://bugs.gentoo.org/601742
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 11 +++++++++++
 1 file changed, 11 insertions(+)

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df604b5e52c41cbe9b256a4d84ab42440986bd18

commit df604b5e52c41cbe9b256a4d84ab42440986bd18
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-05-15 20:06:49 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-05-15 20:07:58 +0000

    net-analyzer/gnu-netcat: Remove last-rited pkg

    Closes: https://bugs.gentoo.org/601742
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-analyzer/gnu-netcat/Manifest | 1 -
 .../gnu-netcat/files/gnu-netcat-LC_CTYPE.patch | 19 ------------
 .../gnu-netcat/files/gnu-netcat-close.patch | 16 ----------
 .../gnu-netcat/files/gnu-netcat-flagcount.patch | 22 -------------
 net-analyzer/gnu-netcat/gnu-netcat-0.7.1-r3.ebuild | 36 ----------------------
 net-analyzer/gnu-netcat/gnu-netcat-0.7.1-r4.ebuild | 32 -------------------
 net-analyzer/gnu-netcat/metadata.xml | 12 --------
 profiles/package.mask | 10 ------
 8 files changed, 148 deletions(-)