Your message dated Fri, 12 Oct 2007 10:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446192: fixed in wzdftpd 0.8.2-2.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: wzdftpd
Version: 0.5.2-1.1sarge2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wzdftpd.
CVE-2007-5300[0]:
| Off-by-one error in the do_login_loop function in
| libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote
| attackers to cause a denial of service (daemon crash) via a long USER
| command that triggers a stack-based buffer overflow. NOTE: some of
| these details are obtained from third party information.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpUEoLKHP7or.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: wzdftpd
Source-Version: 0.8.2-2.1
We believe that the bug you reported is fixed in the latest version of
wzdftpd, which is due to be installed in the Debian FTP archive:
wzdftpd-back-mysql_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-back-mysql_0.8.2-2.1_i386.deb
wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
wzdftpd-dev_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-dev_0.8.2-2.1_i386.deb
wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
wzdftpd-mod-perl_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-mod-perl_0.8.2-2.1_i386.deb
wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
wzdftpd_0.8.2-2.1.diff.gz
to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1.diff.gz
wzdftpd_0.8.2-2.1.dsc
to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1.dsc
wzdftpd_0.8.2-2.1_i386.deb
to pool/main/w/wzdftpd/wzdftpd_0.8.2-2.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated wzdftpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 11 Oct 2007 13:03:42 +0200
Source: wzdftpd
Binary: wzdftpd-mod-perl wzdftpd-back-mysql wzdftpd-dev wzdftpd-mod-avahi
wzdftpd-back-pgsql wzdftpd wzdftpd-mod-tcl
Architecture: source i386
Version: 0.8.2-2.1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
wzdftpd - A portable, modular, small and efficient ftp server
wzdftpd-back-mysql - MySQL backend for wzdftpd
wzdftpd-back-pgsql - PostgreSQL backend for wzdftpd
wzdftpd-dev - Development files for wzdftpd
wzdftpd-mod-avahi - Zeroconf module for wzdftpd
wzdftpd-mod-perl - Perl module for wzdftpd
wzdftpd-mod-tcl - TCL module for wzdftpd
Closes: 446192
Changes:
wzdftpd (0.8.2-2.1) unstable; urgency=high
.
* Non-maintainer upload by testing security team.
* Fix off-by-one in wzd_login.c which leads to a remote
denial of service vulnerability (CVE-2007-5300) (Closes: #446192).
Files:
fd7d4842159a2a91f59df2b4eb401a6b 875 net optional wzdftpd_0.8.2-2.1.dsc
6a6c3b76b21343ae93dcca436320c772 3792 net optional wzdftpd_0.8.2-2.1.diff.gz
5624c3c39046c7a57483e1a17b56769d 261240 net optional wzdftpd_0.8.2-2.1_i386.deb
e333addd7c5dcb1a8aba0b760b15c400 40342 net optional
wzdftpd-back-mysql_0.8.2-2.1_i386.deb
5867a01ecbdd2fb8d1eeb42527b49785 40080 net optional
wzdftpd-back-pgsql_0.8.2-2.1_i386.deb
b96a194a87098ac2c65fcc489058de89 31022 net optional
wzdftpd-mod-avahi_0.8.2-2.1_i386.deb
61b1d212c64f88d1bcf1fc6e3aa36870 35480 net optional
wzdftpd-mod-tcl_0.8.2-2.1_i386.deb
fec3ece519e42fe158640fc9198cdd1d 45000 net optional
wzdftpd-mod-perl_0.8.2-2.1_i386.deb
23667f89f444bbf3416b2ec0d05a0249 71288 libdevel optional
wzdftpd-dev_0.8.2-2.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHD021HYflSXNkfP8RArMdAJ4j/Uz0QFODL9UanX2OJbwifiYw9wCgk/CW
X6pNQLOiTNB2QhsbXGgPkhg=
=GzSw
-----END PGP SIGNATURE-----
--- End Message ---
