Your message dated Wed, 01 Jan 2020 16:05:04 +0000
with message-id <[email protected]>
and subject line Bug#947869: fixed in pure-ftpd 1.0.49-2
has caused the Debian Bug report #947869,
regarding pure-ftpd: CVE-2019-20176
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
947869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947869
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pure-ftpd
Version: 1.0.49-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for pure-ftpd.
CVE-2019-20176[0]:
| In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the
| listdir function in ls.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-20176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20176
[1]
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pure-ftpd
Source-Version: 1.0.49-2
We believe that the bug you reported is fixed in the latest version of
pure-ftpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <[email protected]> (supplier of updated pure-ftpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Jan 2020 16:21:21 +0100
Source: pure-ftpd
Architecture: source
Version: 1.0.49-2
Distribution: unstable
Urgency: medium
Maintainer: Stefan Hornburg (Racke) <[email protected]>
Changed-By: Stefan Hornburg (Racke) <[email protected]>
Closes: 947869
Changes:
pure-ftpd (1.0.49-2) unstable; urgency=medium
.
* Fix stack exhaustion issue: CVE-2019-20176 (Closes: #947869)
Checksums-Sha1:
e833e6041c621db2a7e02a5d4ecf59fcd905553e 2221 pure-ftpd_1.0.49-2.dsc
a2ec455a0cc4ee9c2bce15c81ccd939ae69461b4 45016 pure-ftpd_1.0.49-2.debian.tar.xz
f819bf46b24dde662a569bdb7aaf22ade92ed547 9607
pure-ftpd_1.0.49-2_amd64.buildinfo
Checksums-Sha256:
4713df7b7cad91497ceb50505d523cea93afb805b2c19ea90693f60f9afcb6a8 2221
pure-ftpd_1.0.49-2.dsc
701e0fc0c5b2d86e927c0fa3c7ec0b57645b379de46ba0052ff7c03444f2ede0 45016
pure-ftpd_1.0.49-2.debian.tar.xz
5a4e5b7056a4045fc3f33fd7630cac01b5f2cbe32118e6bf287e836d023c5926 9607
pure-ftpd_1.0.49-2_amd64.buildinfo
Files:
3fb6d4e6625abe0b9bba85b0419836ec 2221 net optional pure-ftpd_1.0.49-2.dsc
d4035c7c2001c0278820f2396fb22c87 45016 net optional
pure-ftpd_1.0.49-2.debian.tar.xz
98b20a021be875a8cc61ef278b03065e 9607 net optional
pure-ftpd_1.0.49-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEE1oFJdaJ3d0yY0N/vW5MBW/onIPgFAl4MvGcRHHJhY2tlQGxp
bnV4aWEuZGUACgkQW5MBW/onIPjlshAAvX0INJ4FI2jk1djq6nSgd+c8Ddyepvkp
EH7jFewo1iusKjNaQPwSS7qgFCIZxWOE52KO3dNtxrwmgNZzCB9a+vI7h+yoYYcf
ODxFx5GJUcG+II6MK3Wv9IH9rH9qV7zc0H/HzzQpWUSQ4+uo+D1aFAfEu2wMgIKG
aX6YnMt6EMEPeJvElliLJspLyAsoSQbPUPDJhld5UxKCoU49RbWX+d7Vi94LHZlB
+J1NA9NBOJFHeRZPB11X50yDjS33gEd9WyVajokVET5WDwEBBkbZpKHP0mRq7+JW
STGoJrtnnLhrX48kSl90hY6z9No6FjqM5TzjSDBVsvRQzewSDzz+vmEY0xMIO+qa
nk9OPvUu+UfLhVq8//cPDNdpOeL9YfQVJ0qW2BGAC9C3nCLrmAfIVmNwurFToHC8
S88wc4tcSSdJyvqCbUSukx35/VMpONxwTP338aKCZJysPsuPxb0igaEoM8Fywkv2
GSEGncvTT/4S5w6lp9bfgeZNO3TWy7Rw2v8wX5hngWsrEw5ZFMkVIuzAbqXbbk3s
9cfy7dcmGPaVJfCKnohEZQjIQRH4XTdks0840tFwxC5E0xfdfh/YPhdkgIc2RoCr
azx0rz9xwNndCkcDIQms2+XP7L7If9yQJu8y7NDqJkurBWZUWv8YZIBMLEE2/6vt
Zpztg9UXTk0=
=53Sa
-----END PGP SIGNATURE-----
--- End Message ---
