Your message dated Fri, 18 Nov 2005 09:47:28 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#339074: fixed in linux-ftpd-ssl 0.17.18+0.3-5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 14 Nov 2005 20:22:43 +0000 >From [EMAIL PROTECTED] Mon Nov 14 12:22:43 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de) by spohr.debian.org with esmtp (Exim 4.50) id 1Ebkqh-0005yF-8O for [EMAIL PROTECTED]; Mon, 14 Nov 2005 12:22:43 -0800 Received: from dslb-082-083-221-179.pools.arcor-ip.net ([82.83.221.179] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1Ebkqg-0002b3-4n for [EMAIL PROTECTED]; Mon, 14 Nov 2005 21:22:42 +0100 Received: from jmm by localhost.localdomain with local (Exim 4.54) id 1EbkqU-0001MH-Et; Mon, 14 Nov 2005 21:22:30 +0100 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: linux-ftpd-ssl: Remotely exploitable buffer overflow X-Mailer: reportbug 3.17 Date: Mon, 14 Nov 2005 21:22:30 +0100 X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.83.221.179 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE, RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: linux-ftpd-ssl Severity: grave Tags: security Justification: user security hole A remotely exploitable buffer overflow has been found in linux-ftpd-ssl. Please see http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html for a PoC exploit. A proposed patch is available at http://seclists.org/lists/fulldisclosure/2005/Nov/0147.html This has been assigned CVE-2005-3524, please mention this in the changelog when fixing it. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --------------------------------------- Received: (at 339074-close) by bugs.debian.org; 18 Nov 2005 17:52:09 +0000 >From [EMAIL PROTECTED] Fri Nov 18 09:52:09 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EdAKe-00057i-In; Fri, 18 Nov 2005 09:47:28 -0800 From: Cai Qian <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339074: fixed in linux-ftpd-ssl 0.17.18+0.3-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Fri, 18 Nov 2005 09:47:28 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: linux-ftpd-ssl Source-Version: 0.17.18+0.3-5 We believe that the bug you reported is fixed in the latest version of linux-ftpd-ssl, which is due to be installed in the Debian FTP archive: ftpd-ssl_0.17.18+0.3-5_i386.deb to pool/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-5_i386.deb linux-ftpd-ssl_0.17.18+0.3-5.diff.gz to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-5.diff.gz linux-ftpd-ssl_0.17.18+0.3-5.dsc to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-5.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cai Qian <[EMAIL PROTECTED]> (supplier of updated linux-ftpd-ssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 18 Nov 2005 17:27:01 +0000 Source: linux-ftpd-ssl Binary: ftpd-ssl Architecture: source i386 Version: 0.17.18+0.3-5 Distribution: unstable Urgency: high Maintainer: Cai Qian <[EMAIL PROTECTED]> Changed-By: Cai Qian <[EMAIL PROTECTED]> Description: ftpd-ssl - FTP server with SSL encryption support Closes: 339074 Changes: linux-ftpd-ssl (0.17.18+0.3-5) unstable; urgency=high . * applied security patch for CVE-2005-3524. (Closes: #339074) Files: 16b9147058f51e0889baf3e3e4e8d7df 919 net extra linux-ftpd-ssl_0.17.18+0.3-5.dsc 9adccf50c7c24811259ff7dac8663744 5498 net extra linux-ftpd-ssl_0.17.18+0.3-5.diff.gz 95e4529ef02e753c041fd8b27a531510 48284 net extra ftpd-ssl_0.17.18+0.3-5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQ34Ql8SMJEo6oWZwAQLEqQgAgL0pXh6MHdHSfIxqsvmM037au7O/rFQk rJ/Z5rNWAq6y05ZHbepcTyBLI/ILXknSmeXzKkvA401Wq/mxDadFooDctoKG+7jk A5YHp5S2MaINDW1nKofzZC118W7GFwAZShUU5zNKlwXpR0ZzxbrH8ODvSQDMePEH RNBk7/6A8F1ahkSC2R3DuMwqVspb4+2M9vPAt5RHLuttOD1iT3cxOb2lIWE6mDS+ a8mSu/UlKYsjtPXqKWiOa9ZIBNUqZPL9n+jA4UeseWNgxeAXjqEhP5sydQdX+kCy /xmGW/IgVyLZpB0dtb0JkmEDSN33nSclFK0wm1M0vzJ9JfUeDHccSw== =Xmts -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]