From ${URL} :

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=713e5d3b63b36aa4cc6e47fb47214142dbc8d23c

commit 713e5d3b63b36aa4cc6e47fb47214142dbc8d23c
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-14 22:14:56 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-14 22:15:11 +0000

    net-misc/openssh: Rev bump to fix CVE-2017-15906

    Bug: https://bugs.gentoo.org/633428
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 .../files/openssh-7.5_p1-CVE-2017-15906.patch | 31 ++
 net-misc/openssh/openssh-7.5_p1-r3.ebuild | 332 +++++++++++++++++++++
 2 files changed, 363 insertions(+)
@ Arches, please test and mark stable: =net-misc/openssh-7.5_p1-r3
amd64 stable
x86 stable
ia64 stable
Stable on alpha.
sparc stable (thanks to Rolf Eike Beer)
ppc64 stable
ppc stable
arm stable
hppa stable
Repository is clean.
New GLSA request filed. Gentoo Security Padawan (Jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201801-05 at https://security.gentoo.org/glsa/201801-05 by GLSA coordinator Aaron Bauman (b-man).