Your message dated Wed, 26 Feb 2020 09:09:30 +0000
with message-id <[email protected]>
and subject line Bug#952471: fixed in pure-ftpd 1.0.49-3
has caused the Debian Bug report #952471,
regarding pure-ftpd: CVE-2020-9365
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
952471: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952471
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pure-ftpd
Version: 1.0.49-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for pure-ftpd.

CVE-2020-9365[0]:
| An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB)
| read has been detected in the pure_strcmp function in utils.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-9365
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9365
[1] https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: pure-ftpd
Source-Version: 1.0.49-3
Done: Stefan Hornburg (Racke) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pure-ftpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <[email protected]> (supplier of updated pure-ftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 26 Feb 2020 08:14:52 +0100
Source: pure-ftpd
Architecture: source
Version: 1.0.49-3
Distribution: unstable
Urgency: medium
Maintainer: Stefan Hornburg (Racke) <[email protected]>
Changed-By: Stefan Hornburg (Racke) <[email protected]>
Closes: 952471
Changes:
 pure-ftpd (1.0.49-3) unstable; urgency=medium
 .
   * Fix out-of-bounds (OOB) read in the pure_strcmp function: CVE-2020-9365 (Closes: #952471).


--- End Message ---