Your message dated Fri, 18 Nov 2005 09:47:28 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339074: fixed in linux-ftpd-ssl 0.17.18+0.3-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Nov 2005 20:22:43 +0000
>From [EMAIL PROTECTED] Mon Nov 14 12:22:43 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111]
helo=vserver151.vserver151.serverflex.de)
by spohr.debian.org with esmtp (Exim 4.50)
id 1Ebkqh-0005yF-8O
for [EMAIL PROTECTED]; Mon, 14 Nov 2005 12:22:43 -0800
Received: from dslb-082-083-221-179.pools.arcor-ip.net ([82.83.221.179]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1Ebkqg-0002b3-4n
for [EMAIL PROTECTED]; Mon, 14 Nov 2005 21:22:42 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
id 1EbkqU-0001MH-Et; Mon, 14 Nov 2005 21:22:30 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: linux-ftpd-ssl: Remotely exploitable buffer overflow
X-Mailer: reportbug 3.17
Date: Mon, 14 Nov 2005 21:22:30 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.83.221.179
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE,
RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham
version=2.60-bugs.debian.org_2005_01_02
Package: linux-ftpd-ssl
Severity: grave
Tags: security
Justification: user security hole
A remotely exploitable buffer overflow has been found in linux-ftpd-ssl.
Please see http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html for
a PoC exploit.
A proposed patch is available at
http://seclists.org/lists/fulldisclosure/2005/Nov/0147.html
This has been assigned CVE-2005-3524, please mention this in the changelog
when fixing it.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 339074-close) by bugs.debian.org; 18 Nov 2005 17:52:09 +0000
>From [EMAIL PROTECTED] Fri Nov 18 09:52:09 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EdAKe-00057i-In; Fri, 18 Nov 2005 09:47:28 -0800
From: Cai Qian <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#339074: fixed in linux-ftpd-ssl 0.17.18+0.3-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 18 Nov 2005 09:47:28 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: linux-ftpd-ssl
Source-Version: 0.17.18+0.3-5
We believe that the bug you reported is fixed in the latest version of
linux-ftpd-ssl, which is due to be installed in the Debian FTP archive:
ftpd-ssl_0.17.18+0.3-5_i386.deb
to pool/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-5_i386.deb
linux-ftpd-ssl_0.17.18+0.3-5.diff.gz
to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-5.diff.gz
linux-ftpd-ssl_0.17.18+0.3-5.dsc
to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-5.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cai Qian <[EMAIL PROTECTED]> (supplier of updated linux-ftpd-ssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Nov 2005 17:27:01 +0000
Source: linux-ftpd-ssl
Binary: ftpd-ssl
Architecture: source i386
Version: 0.17.18+0.3-5
Distribution: unstable
Urgency: high
Maintainer: Cai Qian <[EMAIL PROTECTED]>
Changed-By: Cai Qian <[EMAIL PROTECTED]>
Description:
ftpd-ssl - FTP server with SSL encryption support
Closes: 339074
Changes:
linux-ftpd-ssl (0.17.18+0.3-5) unstable; urgency=high
.
* applied security patch for CVE-2005-3524. (Closes: #339074)
Files:
16b9147058f51e0889baf3e3e4e8d7df 919 net extra linux-ftpd-ssl_0.17.18+0.3-5.dsc
9adccf50c7c24811259ff7dac8663744 5498 net extra
linux-ftpd-ssl_0.17.18+0.3-5.diff.gz
95e4529ef02e753c041fd8b27a531510 48284 net extra
ftpd-ssl_0.17.18+0.3-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQ34Ql8SMJEo6oWZwAQLEqQgAgL0pXh6MHdHSfIxqsvmM037au7O/rFQk
rJ/Z5rNWAq6y05ZHbepcTyBLI/ILXknSmeXzKkvA401Wq/mxDadFooDctoKG+7jk
A5YHp5S2MaINDW1nKofzZC118W7GFwAZShUU5zNKlwXpR0ZzxbrH8ODvSQDMePEH
RNBk7/6A8F1ahkSC2R3DuMwqVspb4+2M9vPAt5RHLuttOD1iT3cxOb2lIWE6mDS+
a8mSu/UlKYsjtPXqKWiOa9ZIBNUqZPL9n+jA4UeseWNgxeAXjqEhP5sydQdX+kCy
/xmGW/IgVyLZpB0dtb0JkmEDSN33nSclFK0wm1M0vzJ9JfUeDHccSw==
=Xmts
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
