Summary: | net-misc/ssh: SFTP restriction evasion (CVE-2006-0705) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED WONTFIX | ||||||
Severity: | enhancement | CC: | fauli, humpback | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.ssh.com/company/news/article/715/ | ||||||
Whiteboard: | C2 [masked] Falco | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | 139969 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Raphael Marichez (Falco) (RETIRED)
2007-02-27 15:07:57 UTC
calling a vote for a maskglsa, i vote yes since it seems, according to HumpBack, that there are actually some users using it. agreed It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/ (In reply to comment #3) > It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/ So will you apply it or will it be masked and removed eventually? FYI it was GLSA 200703-13 Created attachment 133031 [details, diff]
patch-lib::sshfilexfer::sshfilexfers.c
Patch as shipped by FreeBSD
Humpback, the patch looks really simple. Please review and apply, then we could unmask this again. Removed older -r1 and added keyworded -r2 that has the patch. You guys are free to unmask it as soon as the glsa is announced. removed from tree -> WONTFIX |