200241 – [security] security/openssh-portable - heap overflow

Bug 200241 - [security] security/openssh-portable - heap overflow

Summary: [security] security/openssh-portable - heap overflow

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Bryan Drewery

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-05-16 13:43 UTC by Sevan Janiyan
Modified:	2015-05-16 16:29 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (bdrewery)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2015-05-16 13:43:39 UTC

http://www.openwall.com/lists/oss-security/2015/05/16/3

Comment 1 Bryan Drewery freebsd_committer

2015-05-16 16:23:09 UTC

It seems really harmless, but I'll apply it anyway. Thanks for notifying me.

Comment 2 Bryan Drewery freebsd_committer

2015-05-16 16:28:50 UTC

Committed.

Comment 3 commit-hook freebsd_committer

2015-05-16 16:29:22 UTC

A commit references this bug:

Author: bdrewery
Date: Sat May 16 16:28:40 UTC 2015
New revision: 386554
URL: https://svnweb.freebsd.org/changeset/ports/386554

Log:
  Avoid a potential read overflow. This was not deemed a security issue by
  upstream; it was fixed upstream comprehensively a few weeks ago in
  77199d6ec8986d470487e66f8ea8f4cf43d2e20c.

  PR:		200241
  Patch by:	Hanno B?ck <hanno@hboeck.de>
  Obtained from:	http://www.openwall.com/lists/oss-security/2015/05/16/3

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-compat.c