Your message dated Wed, 11 Sep 2013 10:18:09 +0000
with message-id <e1vjhuv-0007wz...@franck.debian.org>
and subject line Bug#719070: fixed in filezilla 3.7.3-1
has caused the Debian Bug report #719070,
regarding filezilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
719070: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719070
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: filezilla
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerabilities were published for filezilla.

CVE-2013-4206[0]:
buffer underrun in modmul can corrupt the heap

CVE-2013-4207[1]:
non-coprime values in DSA signatures can cause buffer overflow in modular inverse

CVE-2013-4208[2]:
Private keys left in memory after being used by PuTTY tools

These three more CVEs are also fixed in the newest upstream version of filezilla
(embedding putty source)[3].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4206
[1] http://security-tracker.debian.org/tracker/CVE-2013-4207
[2] http://security-tracker.debian.org/tracker/CVE-2013-4208
[3] https://filezilla-project.org/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: filezilla
Source-Version: 3.7.3-1

We believe that the bug you reported is fixed in the latest version of
filezilla, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrien Cunin <adri2...@ubuntu.com> (supplier of updated filezilla package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 27 Aug 2013 11:47:04 +0200
Source: filezilla
Binary: filezilla filezilla-common
Architecture: source amd64 all
Version: 3.7.3-1
Distribution: unstable
Urgency: low
Maintainer: Adrien Cunin <adri2...@ubuntu.com>
Changed-By: Adrien Cunin <adri2...@ubuntu.com>
Description: 
 filezilla  - Full-featured graphical FTP/FTPS/SFTP client
 filezilla-common - Architecture independent files for filezilla
Closes: 718800 719070
Changes: 
 filezilla (3.7.3-1) unstable; urgency=low
 .
   * New upstream release, fixing the following PuTTY security vulnerabilities:
      - CVE-2013-4852 (Closes: #718800)
      - CVE-2013-4206, CVE-2013-4207, CVE-2013-4208 (Closes: #719070)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
