Bug 200241

Summary:	[security] security/openssh-portable - heap overflow
Product:	Ports & Packages	Reporter:	Sevan Janiyan <venture37>
Component:	Individual Port(s)	Assignee:	Bryan Drewery <bdrewery>
Status:	Closed FIXED
Severity:	Affects Many People	Flags:	bugzilla: maintainer-feedback? (bdrewery)
Priority:	---
Version:	Latest
Hardware:	Any
OS:	Any

Description Sevan Janiyan 2015-05-16 13:43:39 UTC

http://www.openwall.com/lists/oss-security/2015/05/16/3

Comment 1 Bryan Drewery freebsd_committer

2015-05-16 16:23:09 UTC

It seems really harmless, but I'll apply it anyway. Thanks for notifying me.

Comment 2 Bryan Drewery freebsd_committer

2015-05-16 16:28:50 UTC

Committed.

Comment 3 commit-hook freebsd_committer

2015-05-16 16:29:22 UTC

A commit references this bug:

Author: bdrewery
Date: Sat May 16 16:28:40 UTC 2015
New revision: 386554
URL: https://svnweb.freebsd.org/changeset/ports/386554

Log:
  Avoid a potential read overflow. This was not deemed a security issue by
  upstream; it was fixed upstream comprehensively a few weeks ago in
  77199d6ec8986d470487e66f8ea8f4cf43d2e20c.

  PR:		200241
  Patch by:	Hanno B?ck <hanno@hboeck.de>
  Obtained from:	http://www.openwall.com/lists/oss-security/2015/05/16/3

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-compat.c