Summary: | <app-misc/mc-4.8.27: lacking sftp server validation (CVE-2021-36370) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | marecki, polynomial-c, slashbeast |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://midnight-commander.org/ticket/4259 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 811414 | ||
Bug Blocks: |
Description
John Helmert III
2021-08-30 20:50:41 UTC
Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bf490bf9bec287e3927af2df506fa63a9e245f1 commit 7bf490bf9bec287e3927af2df506fa63a9e245f1 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2021-10-01 09:42:55 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2021-10-01 09:42:55 +0000 app-misc/mc: Security cleanup Bug: https://bugs.gentoo.org/811159 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-misc/mc/Manifest | 1 - app-misc/mc/files/mc-4.8.26-file-seccomp.patch | 142 ------------------------- app-misc/mc/files/mc-4.8.26-shadow-crash.patch | 39 ------- app-misc/mc/mc-4.8.26-r4.ebuild | 125 ---------------------- app-misc/mc/mc-4.8.26-r5.ebuild | 131 ----------------------- 5 files changed, 438 deletions(-) Very low impact, no GLSA. Thanks Lars! |