Your message dated Wed, 21 Sep 2011 19:55:18 +0000
with message-id <[email protected]>
and subject line Bug#622741: fixed in vsftpd 2.3.2-3+squeeze2
has caused the Debian Bug report #622741,
regarding vsftpd: upgrade stable to fix remote DoS (CVE-2011-0762)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
622741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vsftpd
Version: 2.3.2-3
Severity: important

From http://securityreason.com/securityalert/8109:
Topic: vsftpd 2.3.2 remote denial-of-service
SecurityAlert: 8109
CVE: CVE-2011-0762
SecurityRisk: Medium
Remote Exploit: Yes

fix: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog



-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: vsftpd
Source-Version: 2.3.2-3+squeeze2

We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive:

vsftpd_2.3.2-3+squeeze2.diff.gz
  to main/v/vsftpd/vsftpd_2.3.2-3+squeeze2.diff.gz
vsftpd_2.3.2-3+squeeze2.dsc
  to main/v/vsftpd/vsftpd_2.3.2-3+squeeze2.dsc
vsftpd_2.3.2-3+squeeze2_amd64.deb
  to main/v/vsftpd/vsftpd_2.3.2-3+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated vsftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Sep 2011 20:39:59 +0000
Source: vsftpd
Binary: vsftpd
Architecture: source amd64
Version: 2.3.2-3+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description: 
 vsftpd     - lightweight, efficient FTP server written for security
Closes: 622741
Changes: 
 vsftpd (2.3.2-3+squeeze2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Disable network isolation due to a problem with cleaning up network
     namespaces fast enough in kernels < 2.6.35 (CVE-2011-2189).
     Thanks Ben Hutchings for the patch!
   * Fix possible DoS via glob expressions in STAT commands by
     limiting the matching loop (CVE-2011-0762; Closes: #622741).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk52fU0ACgkQHYflSXNkfP9xagCgpJMl8AiwDetNf+TKOPYElRNM
ZHEAoIB4QO8aqpOdUTjnaJplWKwlgtai
=UkSH
-----END PGP SIGNATURE-----



--- End Message ---
