Your message dated Tue, 08 Mar 2011 11:05:06 +0000
with message-id <e1pwuiw-0006nn...@franck.debian.org>
and subject line Bug#617334: fixed in pure-ftpd 1.0.30-1
has caused the Debian Bug report #617334,
regarding TLS security flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
617334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617334
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: pure-ftpd
tags: security
severity: grave
The new release 1.0.30 fixes a flaw similar to Postfix's CVE-2011-0411 by
clearing the command-line buffer after switching to TLS.
Reference:
http://tech.groups.yahoo.com/group/postfix-users/message/275069
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--- End Message ---
--- Begin Message ---
Source: pure-ftpd
Source-Version: 1.0.30-1
We believe that the bug you reported is fixed in the latest version of
pure-ftpd, which is due to be installed in the Debian FTP archive:
pure-ftpd-common_1.0.30-1_all.deb
to main/p/pure-ftpd/pure-ftpd-common_1.0.30-1_all.deb
pure-ftpd-ldap_1.0.30-1_amd64.deb
to main/p/pure-ftpd/pure-ftpd-ldap_1.0.30-1_amd64.deb
pure-ftpd-mysql_1.0.30-1_amd64.deb
to main/p/pure-ftpd/pure-ftpd-mysql_1.0.30-1_amd64.deb
pure-ftpd-postgresql_1.0.30-1_amd64.deb
to main/p/pure-ftpd/pure-ftpd-postgresql_1.0.30-1_amd64.deb
pure-ftpd_1.0.30-1.diff.gz
to main/p/pure-ftpd/pure-ftpd_1.0.30-1.diff.gz
pure-ftpd_1.0.30-1.dsc
to main/p/pure-ftpd/pure-ftpd_1.0.30-1.dsc
pure-ftpd_1.0.30-1_amd64.deb
to main/p/pure-ftpd/pure-ftpd_1.0.30-1_amd64.deb
pure-ftpd_1.0.30.orig.tar.gz
to main/p/pure-ftpd/pure-ftpd_1.0.30.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 617...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Hornburg (Racke) <ra...@linuxia.de> (supplier of updated pure-ftpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 08 Mar 2011 08:30:11 +0100
Source: pure-ftpd
Binary: pure-ftpd-common pure-ftpd pure-ftpd-mysql pure-ftpd-postgresql
pure-ftpd-ldap
Architecture: source all amd64
Version: 1.0.30-1
Distribution: unstable
Urgency: high
Maintainer: Stefan Hornburg (Racke) <ra...@linuxia.de>
Changed-By: Stefan Hornburg (Racke) <ra...@linuxia.de>
Description:
pure-ftpd - Secure and efficient FTP server
pure-ftpd-common - Pure-FTPd FTP server (Common Files)
pure-ftpd-ldap - Secure and efficient FTP server with LDAP user authentication
pure-ftpd-mysql - Secure and efficient FTP server with MySQL user
authentication
pure-ftpd-postgresql - Secure and efficient FTP server with PostgreSQL user
authenticati
Closes: 617334
Changes:
pure-ftpd (1.0.30-1) unstable; urgency=high
.
* New upstream release, fixes TLS security flaw (Closes: #617334).
Checksums-Sha1:
babd4b788fc6a313de8750c0099d41061fbe5779 1304 pure-ftpd_1.0.30-1.dsc
e1b797723b7120d36ad76ada5950a3fe19008357 628282 pure-ftpd_1.0.30.orig.tar.gz
27e237264b492be6cd25b0fd30cbdb68352b7345 49206 pure-ftpd_1.0.30-1.diff.gz
54544c8d879b56605e2bbc7ace426d793a46ed57 181776
pure-ftpd-common_1.0.30-1_all.deb
029039a8ff4d729cbac6f4af82c23b668de47377 179360 pure-ftpd_1.0.30-1_amd64.deb
b07e8de76803e3fe661e07ba7cb4003d966e4efd 215148
pure-ftpd-mysql_1.0.30-1_amd64.deb
bf08613dbda9e125dcb38790c06effb4665db408 198086
pure-ftpd-postgresql_1.0.30-1_amd64.deb
ef6190da5d9f9685b1d059c496c09ef56f849a2c 195238
pure-ftpd-ldap_1.0.30-1_amd64.deb
Checksums-Sha256:
d21cf67004803b7028598a7fc3a5174a66c50b6cf260b9dc818029a4ae981c77 1304
pure-ftpd_1.0.30-1.dsc
37fa30f5c1bae3c0420835cbe4c1b0281bf8cb010efd9fd042531a7c98b99aef 628282
pure-ftpd_1.0.30.orig.tar.gz
2dca868a661c05e56f1167db9a037efe6e24b468632e7ac5f4536ad737b49b73 49206
pure-ftpd_1.0.30-1.diff.gz
f800e59a484b881c9719f82a0f486bd4c007cfee690aa3b380f47cff10a84c8f 181776
pure-ftpd-common_1.0.30-1_all.deb
c6c0fedb544e0fb2856390165a71655a6e24e49134fbd2f16b5bb892ea787778 179360
pure-ftpd_1.0.30-1_amd64.deb
3c600ea8e216d82c5bc80ea79de4398600c16454afc9578e6f578c67b10ca7ba 215148
pure-ftpd-mysql_1.0.30-1_amd64.deb
d15b1194d0a55526c22bc919eaddad9c6600e4caf7ceb53aec66a044113f58f6 198086
pure-ftpd-postgresql_1.0.30-1_amd64.deb
5989204d76b1e14bdd42dc3ed03cf13301508661657e13a3ea70f510cf8b368b 195238
pure-ftpd-ldap_1.0.30-1_amd64.deb
Files:
a02e814d1cd250b67bd3abce08ea1164 1304 net optional pure-ftpd_1.0.30-1.dsc
fc02e1c16905ce2dbb596c3b520a863e 628282 net optional
pure-ftpd_1.0.30.orig.tar.gz
fe8bd6e5bca263109dbd524b3b86a201 49206 net optional pure-ftpd_1.0.30-1.diff.gz
35e3b03e124ebf3432907b0cd5b5786e 181776 net optional
pure-ftpd-common_1.0.30-1_all.deb
fd2e9381340ae5615082854e3a2859e9 179360 net optional
pure-ftpd_1.0.30-1_amd64.deb
bcb034781787048e504c64951ac18661 215148 net optional
pure-ftpd-mysql_1.0.30-1_amd64.deb
f600ffc8ba11c1da36566ba605d08936 198086 net optional
pure-ftpd-postgresql_1.0.30-1_amd64.deb
d70396c70ccc453806042ee20dddc1bd 195238 net optional
pure-ftpd-ldap_1.0.30-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk119bkACgkQjgVfE5tya3GbqwCfeVaRF6e8szI4A91eLLAH6Xvb
FY4An1nBdwO0mj/A9e60FO1AZ1K684ij
=RfB9
-----END PGP SIGNATURE-----
--- End Message ---
