Your message dated Tue, 8 Jan 2013 15:19:23 +0100
with message-id <[email protected]>
and subject line Re: Bug#697524: proftpd-basic: Apply upstream bugfix for 
upstream bug #3841 – Possible symlink race when applying UserOwner
has caused the Debian Bug report #697524,
regarding proftpd-basic: CVE-2012-6095: Possible symlink race when applying 
UserOwner
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
697524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proftpd-basic
Version: 1.3.4a-2+b1
Severity: normal
Tags: security

There's a symlink race that could lead to root access in some configurations. 
See here:
http://bugs.proftpd.org/show_bug.cgi?id=3841

There's an upstream bugfix, so that should probably be backported.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6.7 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages proftpd-basic depends on:
ii  adduser         3.113+nmu3
ii  debconf         1.5.49
ii  debianutils     4.3.2
ii  libacl1         2.2.51-8
ii  libc6           2.13-37
ii  libcap2         1:2.22-1.2
ii  libncurses5     5.9-10
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1
ii  libpcre3        1:8.30-5
ii  libssl1.0.0     1.0.1c-4
ii  libtinfo5       5.9-10
ii  libwrap0        7.6.q-24
ii  netbase         5.0
ii  sed             4.2.1-10
ii  ucf             3.0025+nmu3
ii  update-inetd    4.43
ii  zlib1g          1:1.2.7.dfsg-13

proftpd-basic recommends no packages.

Versions of packages proftpd-basic suggests:
ii  openbsd-inetd [inet-superserver]  0.20091229-2
ii  openssl                           1.0.1c-4
pn  proftpd-doc                       <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-sqlite                <none>

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Package: proftpd-basic
Version: 1.3.4a-3

Fixed in unstable. Backported to 1.3.3 and stable (via DSA).

-- 
Francesco P. Lovergine

--- End Message ---

Reply via email to