I've checked our code: iscsitarget-1.4.19 has the patch, but it's not stable yet.
@base-system: is 1.4.19 it ok to go stable?
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI
target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and
earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16
allow remote attackers to cause a denial of service (tgtd daemon
crash) or possibly have unspecified other impact via vectors that
involve the isns_attr_query and qry_rsp_handle functions, and are
related to (a) client appearance and (b) client disappearance
Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"
Marked ppc stable, sorry about the delay.
GLSA request filed.
This issue was resolved and addressed in
GLSA 201201-06 at http://security.gentoo.org/glsa/glsa-201201-06.xml
by GLSA coordinator Sean Amoss (ackle).