Your message dated Tue, 8 Jan 2013 15:19:23 +0100
with message-id <[email protected]>
and subject line Re: Bug#697524: proftpd-basic: Apply upstream bugfix for
upstream bug #3841 – Possible symlink race when applying UserOwner
has caused the Debian Bug report #697524,
regarding proftpd-basic: CVE-2012-6095: Possible symlink race when applying
UserOwner
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
697524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proftpd-basic
Version: 1.3.4a-2+b1
Severity: normal
Tags: security
There's a symlink race that could lead to root access in some configurations.
See here:
http://bugs.proftpd.org/show_bug.cgi?id=3841
There's an upstream bugfix, so that should probably be backported.
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.6.7 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages proftpd-basic depends on:
ii adduser 3.113+nmu3
ii debconf 1.5.49
ii debianutils 4.3.2
ii libacl1 2.2.51-8
ii libc6 2.13-37
ii libcap2 1:2.22-1.2
ii libncurses5 5.9-10
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libpcre3 1:8.30-5
ii libssl1.0.0 1.0.1c-4
ii libtinfo5 5.9-10
ii libwrap0 7.6.q-24
ii netbase 5.0
ii sed 4.2.1-10
ii ucf 3.0025+nmu3
ii update-inetd 4.43
ii zlib1g 1:1.2.7.dfsg-13
proftpd-basic recommends no packages.
Versions of packages proftpd-basic suggests:
ii openbsd-inetd [inet-superserver] 0.20091229-2
ii openssl 1.0.1c-4
pn proftpd-doc <none>
pn proftpd-mod-ldap <none>
pn proftpd-mod-mysql <none>
pn proftpd-mod-odbc <none>
pn proftpd-mod-pgsql <none>
pn proftpd-mod-sqlite <none>
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Package: proftpd-basic
Version: 1.3.4a-3
Fixed in unstable. Backported to 1.3.3 and stable (via DSA).
--
Francesco P. Lovergine
--- End Message ---