Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Feb 2006 23:13:15 +0900
From:      Hirohisa Yamaguchi <umq@ueo.co.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/93594: [update] shells/rssh update to 2.3.2 fixes root compromise bug
Message-ID:  <863bie5dac.wl%umq@ueo.co.jp>
Resent-Message-ID: <200602201420.k1KEKDa4098668@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         93594
>Category:       ports
>Synopsis:       [update] shells/rssh update to 2.3.2 fixes root compromise bug
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 20 14:20:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Hirohisa Yamaguchi
>Release:        FreeBSD 7.0-CURRENT amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Thu Jan 26 11:28:00 JST 2006 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64
>Description:
	The root compromise bug in rssh, reported as CVE-2005-3345, has been fixed in the new version 2.3.2.
	Please remove FORBIDDEN tag.

	CVE-2005-3345: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3345
	Release News: http://www.pizzashack.org/rssh/index.shtml
>How-To-Repeat:
>Fix:

	the patch follows

diff -rpu ports/orig/shells/rssh/Makefile ports/shells/rssh/Makefile
--- ports/orig/shells/rssh/Makefile	Fri Feb 17 00:10:24 2006
+++ ports/shells/rssh/Makefile	Mon Feb 20 23:02:31 2006
@@ -6,15 +6,13 @@
 #
 
 PORTNAME=	rssh
-PORTVERSION=	2.2.3
+PORTVERSION=	2.3.2
 CATEGORIES=	shells security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	enigmatyc@laposte.net
 COMMENT=	A Restricted Secure SHell only for sftp or/and scp
-
-FORBIDDEN=	http://vuxml.FreeBSD.org/e34d0c2e-9efb-11da-b410-000e0c2e438a.html
 
 GNU_CONFIGURE=	yes
 USE_REINPLACE=	yes
diff -rpu ports/orig/shells/rssh/distinfo ports/shells/rssh/distinfo
--- ports/orig/shells/rssh/distinfo	Tue Jan 24 10:04:18 2006
+++ ports/shells/rssh/distinfo	Mon Feb 20 22:54:30 2006
@@ -1,3 +1,3 @@
-MD5 (rssh-2.2.3.tar.gz) = 74f40a4fd5d2b097af34a817e21a33cf
-SHA256 (rssh-2.2.3.tar.gz) = 2a6bd0924cbd691c90ac3f6d4504cf184b381688c52fbe6efe3f0bdea39a1e1e
-SIZE (rssh-2.2.3.tar.gz) = 107216
+MD5 (rssh-2.3.2.tar.gz) = 65712f2c06ff5fc6fc783bc8c2e4e1ba
+SHA256 (rssh-2.3.2.tar.gz) = 8569a07dd96c8f70d0310186b37bbb2e8e591807ac1d1bd0990c02bfd467ba57
+SIZE (rssh-2.3.2.tar.gz) = 113959
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?863bie5dac.wl%umq>