[Bug 905252] Re: CVE-2011-4130 in lucid, maverick, natty

Tue, 20 Dec 2011 07:27:45 -0800 

Thanks for the debdiffs! Your changelog entry and patch name references
'CVE-2011-041'.  This is an invalid CVE identifier. From what I can tell
from the history in the Debian squeeze package, you meant to reference
CVE-2011-0411. Can you confirm this? If so, the debdiffs should be
updated to not call this issue by that CVE name, since it is for
postfix. Instead, say it is 'similar to CVE-2011-0411' in the changelog
and DEP-3 comments (and rename the patch).

Also, CVE-2010-4652 and CVE-2011-1137 are also open for lucid and
maverick (patches are available in the Debian squeeze packaging). Can
you update your debdiffs to include the fixes for these issues as well?

Thanks again!

** Also affects: proftpd-dfsg (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: proftpd-dfsg (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: proftpd-dfsg (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Changed in: proftpd-dfsg (Ubuntu Natty)
       Status: New => Confirmed

** Changed in: proftpd-dfsg (Ubuntu Natty)
   Importance: Undecided => Medium

** Changed in: proftpd-dfsg (Ubuntu Maverick)
   Importance: Undecided => Medium

** Changed in: proftpd-dfsg (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: proftpd-dfsg (Ubuntu Maverick)
       Status: New => Incomplete

** Changed in: proftpd-dfsg (Ubuntu Lucid)
       Status: New => Incomplete

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4652

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1137

** Changed in: proftpd-dfsg (Ubuntu Natty)
       Status: Confirmed => Incomplete

** Changed in: proftpd-dfsg (Ubuntu Natty)
     Assignee: (unassigned) => Mahyuddin Susanto (udienz)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/905252

Title:
  CVE-2011-4130 in lucid, maverick, natty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to