Your message dated Fri, 25 Apr 2008 20:00:46 -0500
with message-id <[EMAIL PROTECTED]>
and subject line oftpd has been removed from Debian, closing #353882
has caused the Debian Bug report #353882,
regarding oftpd: Remote DoS vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
353882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=353882
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: oftpd
Version: 20040304-1
Severity: grave
Justification: renders package unusable
oftpd is exposed to a Denial-of-Service attack, as described in
http://www.time-travellers.org/oftpd/oftpd-dos.html
The solution is to upgrade to 0.3.7.
I think this has been fixed in woody (oftpd-0.3.6-6 upload by the
security team), however sarge has a broken version.
(Since I just recently switched from woody to sarge, that's why I
came across this.)
I really think that this should be fixed in sarge by security-team.
I know that this is basically a duplication of bug#307957, however,
since the maintainer has not reacted, I re-report this bug with a higher
priority (which I really think it deserves).
(And btw, reportbug didn't give me the option to find out whether this
bug has already been reported.)
Related question: is there another secure anonymous-only ftp-client in
debian/sarge?
mfg.asd.r
IOhanens
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages oftpd depends on:
ii debconf 1.4.30.13 Debian configuration management sy
ii libc6 2.3.5-13 GNU C Library: Shared libraries an
ii syslog-ng [system-log-daemon] 1.6.5-2.2 Next generation logging daemon
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Version: 20040304-1+rm
The oftpd package has been removed from Debian testing, unstable and
experimental, so I am now closing the remaining open bugs.
For more information about this package's removal, read
http://bugs.debian.org/332186 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Kind regards,
--
Raphael Geissert
--- End Message ---