|Summary:||net-misc/ssh: SFTP restriction evasion (CVE-2006-0705)|
|Product:||Gentoo Security||Reporter:||Raphael Marichez (Falco) (RETIRED) <falco>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||C2 [masked] Falco|
|Package list:||Runtime testing required:||---|
|Bug Depends on:||139969|
Description Raphael Marichez (Falco) (RETIRED) 2007-02-27 15:07:57 UTC
Hi, there has been a vulnerability since early 2006 for that package with upstream dead. This package is p.masked waiting for a solution.
Comment 1 Raphael Marichez (Falco) (RETIRED) 2007-02-27 15:09:10 UTC
Calling a vote for a maskglsa. I vote yes since it seems, according to HumpBack, that there are actually some users using it.
Comment 2 Matthias Geerdsen (RETIRED) 2007-03-05 21:03:08 UTC
Comment 3 Gustavo Felisberto (RETIRED) 2007-04-15 17:25:37 UTC
It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/
Comment 4 Christian Faulhammer (RETIRED) 2007-09-08 22:52:38 UTC
(In reply to comment #3)
> It seems *BSD has a possible fix: http://www.freshports.org/security/ssh2/

So will you apply it or will it be masked and removed eventually?
Comment 5 Raphael Marichez (Falco) (RETIRED) 2007-10-08 07:09:37 UTC
FYI it was GLSA 200703-13
Comment 6 Robert Buchholz (RETIRED) 2007-10-09 22:13:17 UTC
Created attachment 133031: patch-lib::sshfilexfer::sshfilexfers.c
Patch as shipped by FreeBSD
Comment 7 Robert Buchholz (RETIRED) 2007-10-09 22:15:11 UTC
Humpback, the patch looks really simple. Please review and apply, then we could unmask this again.
Comment 8 Gustavo Felisberto (RETIRED) 2007-10-10 13:50:34 UTC
Removed older -r1 and added keyworded -r2 that has the patch. You guys are free to unmask it as soon as the glsa is announced.
Comment 9 Jeremy Olexa (darkside) (RETIRED) 2008-11-20 04:50:01 UTC
removed from tree -> WONTFIX