Your message dated Tue, 22 May 2007 12:47:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425162: fixed in wu-ftpd 2.6.2-26
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wu-ftpd
Severity: important

Hi,

CVE-2003-1327 reads as follows:

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and
earlier, when compiled with MAIL_ADMIN option enabled on a system that
supports very long pathnames, might allow remote anonymous users to
execute arbitrary code by uploading a file with a long pathname, which
triggers the overflow when wu-ftpd constructs a notification message
to the administrator.

Would you kindly look at this security problem, and please mention this
CVE number in any uploads that are done to address this issue.

Thanks
Micah


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-vserver-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
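
The bug class named in the CVE text above, shown as an added C example that is not wu-ftpd's source and not part of the original messages: an unbounded vsprintf-style formatter beside a bounded one that rejects over-long input instead of truncating it. The function names, the message format and NOTICE_MAX are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define NOTICE_MAX 512   /* constructed size, not wu-ftpd's real buffer size */

/* Bug class from the CVE text: vsprintf() has no idea how big buf is, so a
 * long enough pathname in the arguments writes past the end of it. */
int notice_unbounded(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);      /* unbounded write */
    va_end(ap);
    return n;
}

/* Bounded form: vsnprintf() never writes more than bufsz bytes and returns
 * the length the full output would have had, which lets the caller detect
 * truncation instead of silently sending a cut-off message. */
int notice_bounded(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, bufsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsz) {
        if (bufsz > 0)
            buf[0] = '\0';               /* fail closed: no partial message */
        return -1;
    }
    return n;
}

/* Hypothetical caller: builds the admin notification for an upload. */
int build_upload_notice(char *buf, size_t bufsz, const char *user, const char *path)
{
    return notice_bounded(buf, bufsz, "Upload by %s: %s\r\n", user, path);
}

int main(void)
{
    char msg[NOTICE_MAX];
    char longpath[4096];                 /* constructed over-long pathname */
    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';
    printf("short: %d\n", build_upload_notice(msg, sizeof msg, "anonymous", "/incoming/a.txt"));
    printf("long:  %d\n", build_upload_notice(msg, sizeof msg, "anonymous", longpath));
    return 0;
}
```
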
--- Begin Message ---
Source: wu-ftpd
Source-Version: 2.6.2-26

We believe that the bug you reported is fixed in the latest version of
wu-ftpd, which is due to be installed in the Debian FTP archive:

wu-ftpd_2.6.2-26.diff.gz
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-26.diff.gz
wu-ftpd_2.6.2-26.dsc
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-26.dsc
wu-ftpd_2.6.2-26_i386.deb
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-26_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Butler <[EMAIL PROTECTED]> (supplier of updated wu-ftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 22 May 2007 13:21:26 +0100
Source: wu-ftpd
Binary: wu-ftpd
Architecture: source i386
Version: 2.6.2-26
Distribution: unstable
Urgency: high
Maintainer: Chris Butler <[EMAIL PROTECTED]>
Changed-By: Chris Butler <[EMAIL PROTECTED]>
Description: 
 wu-ftpd    - powerful and widely used FTP server
Closes: 425162
Changes: 
 wu-ftpd (2.6.2-26) unstable; urgency=high
 .
   * Disabled MAIL_ADMIN functionality due to CVE-2003-1327 (closes:
     #425162)
Files: 
 e974b1ffe3d5bc1e8f6f4b787b3ceb2d 604 net extra wu-ftpd_2.6.2-26.dsc
 3568a1b050fc37d228abf692c08f3d18 153347 net extra wu-ftpd_2.6.2-26.diff.gz
 00f3242f68fb2205fca019a9e42741bd 282954 net extra wu-ftpd_2.6.2-26_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUuIvDzQFd9CXomERAg/mAKCTdRhcM3SC+Uya9H/ydkSSmq1ldgCcCFWn
erS8fPsJPIoMKz1t8zVYzts=
=PgyV
-----END PGP SIGNATURE-----


--- End Message ---