Summary: | net-misc/scponly: arbitrary command execution | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | matsuu | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | http://www.securityfocus.com/archive/1/383046/2004-11-30/2004-12-06/0 | ||||||
Whiteboard: | B2 [glsa] 20041202 | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Matthias Geerdsen (RETIRED)
2004-11-29 07:26:08 UTC
*** Bug 72816 has been marked as a duplicate of this bug. *** Created attachment 44970 [details]
scponly-4.0.ebuild
This bug will track scponly only. vapier/matsuu: would you say it's good enough to be committed as stable directly for x86 and amd64 on release date ? Or do you prefer we call selected people from both arhes to test and give their go ? scponly-4.0 has not been released yet. I have amd64 machine. If it is released, I try it immediately. Then we should wait for upstream :) it hasnt been released because they're coordinating with the security announcement :P i tested the attached ebuild on x86 ... should be fine for straight stable loving vuln has been disclosed ... matsuu, could you please add the ebuild to portage so we can release a GLSA ? in cvs. Stable and GLSA drafted. I've not seen the annoucement, but if it mentions rssh, then it should be masked and the GLSA should speak of both... It mentions rssh. GLSA 200412-01 |