Bug#622741: marked as done (vsftpd: upgrade stable to fix remote DoS (CVE-2011-0762))

[Debian Bug Tracking System]

Your message dated Wed, 05 Oct 2011 01:55:42 +0000
with message-id <e1rbghy-0000hh...@franck.debian.org>
and subject line Bug#622741: fixed in vsftpd 2.0.7-1+lenny1
has caused the Debian Bug report #622741,
regarding vsftpd: upgrade stable to fix remote DoS (CVE-2011-0762)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
622741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: vsftpd
Version: 2.3.2-3
Severity: important

>From http://securityreason.com/securityalert/8109:
Topic :
vsftpd 2.3.2 remote denial-of-service
SecurityAlert : 8109
Arrow  CVE : CVE-2011-0762
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes

fix: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog



-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: vsftpd
Source-Version: 2.0.7-1+lenny1

We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive:

vsftpd_2.0.7-1+lenny1.diff.gz
  to main/v/vsftpd/vsftpd_2.0.7-1+lenny1.diff.gz
vsftpd_2.0.7-1+lenny1.dsc
  to main/v/vsftpd/vsftpd_2.0.7-1+lenny1.dsc
vsftpd_2.0.7-1+lenny1_amd64.deb
  to main/v/vsftpd/vsftpd_2.0.7-1+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 622...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated vsftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 08 Sep 2011 19:15:16 +0000
Source: vsftpd
Binary: vsftpd
Architecture: source amd64
Version: 2.0.7-1+lenny1
Distribution: oldstable-security
Urgency: high
Maintainer: Daniel Baumann <dan...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 vsftpd     - The Very Secure FTP Daemon
Closes: 622741
Changes: 
 vsftpd (2.0.7-1+lenny1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix possible DoS via globa expressions in STAT commands by
     limiting the matching loop (CVE-2011-0762; Closes: #622741).
Checksums-Sha1: 
 7f63450f643efc289afcd7b525673239c01ab1ad 1197 vsftpd_2.0.7-1+lenny1.dsc
 760afe849d1ebe10592ef29032b6e00e7f1bbf79 162801 vsftpd_2.0.7.orig.tar.gz
 228c9e3ba291bca1ec3cb3870c97dbd38b245479 10474 vsftpd_2.0.7-1+lenny1.diff.gz
 e230491f1a9941caf5dd6bb19274be12c3b0a148 126780 vsftpd_2.0.7-1+lenny1_amd64.deb
Checksums-Sha256: 
 9bfebb2a05033c11bdc226757daf18978e4f5815691d7b5197347ca09ef1a3b5 1197 
vsftpd_2.0.7-1+lenny1.dsc
 5d86a6d627f2d8e35dbdefdbd445f6016d349955107b247076bbcc36cde1046b 162801 
vsftpd_2.0.7.orig.tar.gz
 087dcaa43c3e9f7e69b81e4fa5f0fe5034030cfeb0eed201d9e7c402631fb1b2 10474 
vsftpd_2.0.7-1+lenny1.diff.gz
 2262c759a9fa39afd01a6726e82fae323f71dfa69964fc47f1c1ac2b61a5e206 126780 
vsftpd_2.0.7-1+lenny1_amd64.deb
Files: 
 7c6a797b0d94707b273a009320b575a5 1197 net extra vsftpd_2.0.7-1+lenny1.dsc
 3e39cb7b0bee306ad7df8e3552e15297 162801 net extra vsftpd_2.0.7.orig.tar.gz
 7bbc86393f17d08fd288434546e384da 10474 net extra vsftpd_2.0.7-1+lenny1.diff.gz
 371ba0da1356678ab56b498082abd35d 126780 net extra 
vsftpd_2.0.7-1+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5pFSYACgkQHYflSXNkfP/kngCcCeduoXOutkTQ5JpiJRQ0vmdl
sKsAn3OrI8yfh4pkomvhyhwXrSolQvrJ
=smu+
-----END PGP SIGNATURE-----

--- End Message ---