Your message dated Mon, 05 Sep 2016 13:20:05 +0000
with message-id <[email protected]>
and subject line Bug#789205: fixed in pure-ftpd 1.0.43-1
has caused the Debian Bug report #789205,
regarding pure-ftpd: can't set secure cipher suites configuration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
789205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789205
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pure-ftpd
Version: 1.0.36-3.2
Severity: normal

Dear Maintainer,

I was performing verification of pure-ftpd cipher suites configuration
and discovered it was using DHE with a very low dhparam value of 1024.

It's a security issue that needs to be addressed, but it seems that switching
to ECDHE (with secp521r1) or using DHE with dhparam 4096 is possible since
pure-ftpd 1.0.38, where options to configure forward secrecy cipher suites
were added (TLS_DEFAULT_ECDH_CURVE, TLS_DHPARAMS_FILE).

My proposal is to either update pure-ftpd to 1.0.38, or backport these
specific features to 1.0.36, so setting secure cipher suites would
be possible.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: pure-ftpd
Source-Version: 1.0.43-1

We believe that the bug you reported is fixed in the latest version of
pure-ftpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <[email protected]> (supplier of updated pure-ftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Sep 2016 14:27:30 +0200
Source: pure-ftpd
Binary: pure-ftpd-common pure-ftpd pure-ftpd-mysql pure-ftpd-postgresql pure-ftpd-ldap
Architecture: source all amd64
Version: 1.0.43-1
Distribution: unstable
Urgency: medium
Maintainer: Stefan Hornburg (Racke) <[email protected]>
Changed-By: Stefan Hornburg (Racke) <[email protected]>
Description:
 pure-ftpd  - Secure and efficient FTP server
 pure-ftpd-common - Pure-FTPd FTP server (Common Files)
 pure-ftpd-ldap - Secure and efficient FTP server with LDAP user authentication
 pure-ftpd-mysql - Secure and efficient FTP server with MySQL user authentication
 pure-ftpd-postgresql - Secure and efficient FTP server with PostgreSQL user authenticati
Closes: 764537 770049 782353 789205 790474 791420
Changes:
 pure-ftpd (1.0.43-1) unstable; urgency=medium
 .
   * New upstream release:
      - remove patch for PostgreSQL configuration file.
      - remove PAM_RHOST patch.
      - security improvements (Closes: #782353, #791420).
      - additional cipher suites configuration options (Closes: #789205).
   * Add -O2 to CFLAGS in order to enable hardened build features (Closes: #764537).
   * Stop using absolute path for dpkg-statoverride (Closes: #770049).
   * Drop conditional build-depend on libmysqlclient15-dev (Closes: #790474).
   * Align default for TLSCipherSuite configuration with Pure-FTPd sources.
   * Lintian fixes:
      - replace dh_clean -k with dh_prep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---