Date: Tue, 8 Mar 2016 01:09:24 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410594 - head/security/vuxml Message-ID: <201603080109.u2819O0F049025@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Tue Mar 8 01:09:24 2016 New Revision: 410594 URL: https://svnweb.freebsd.org/changeset/ports/410594 Log: Wrap long lines. No content change. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Mar 8 01:02:33 2016 (r410593) +++ head/security/vuxml/vuln.xml Tue Mar 8 01:09:24 2016 (r410594) @@ -112,7 +112,10 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml">; <p>Simon G. Tatham reports:</p> <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html">; - <p>Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol.</p> + <p>Many versions of PSCP prior to 0.67 have a stack corruption + vulnerability in their treatment of the 'sink' direction (i.e. + downloading from server to client) of the old-style SCP protocol. + </p> <p>In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file.[...] you can work around it in a vulnerable PSCP by using the -sftp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603080109.u2819O0F049025>