Your message dated Mon, 20 Jan 2025 12:10:59 +0000
with message-id <[email protected]>
and subject line Bug#991329: fixed in vsftpd 3.0.5-0.1
has caused the Debian Bug report #991329,
regarding vsftpd: CVE-2021-3618
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vsftpd
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for vsftpd.
https://alpaca-attack.com/ affects vsftpd. It was fixed in the 3.0.4
release, these should be the relevant parts of
https://security.appspot.com/vsftpd/Changelog.txt:
* Close the control connection after 10 unknown commands pre-login.
* Reject any TLS ALPN advertisement that's not 'ftp'.
* Add ssl_sni_hostname option to require a match on incoming SNI hostname.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618
Please adjust the affected versions in the BTS as needed.
--- End Message ---
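Added example (not part of the original report, and not vsftpd's own code): the three hardening measures quoted from the upstream changelog above, written as stand-alone C checks. The function names, the list of pre-login verbs, and the choices to accept a client that sends no ALPN extension and to accept a list that includes 'ftp' among other names are assumptions; `required_sni` stands in for the `ssl_sni_hostname` option.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_UNKNOWN_PRELOGIN 10 /* changelog: close after 10 unknown commands */

/* ALPN wire list (RFC 7301): repeated <1-byte length><name>.
 * Returns 1 only if the list is well formed and offers "ftp". */
int alpn_offers_ftp(const unsigned char *in, size_t inlen)
{
    size_t i = 0;
    int found = 0;
    while (i < inlen) {
        size_t len = in[i++];
        if (len == 0 || len > inlen - i) return 0; /* malformed: reject */
        if (len == 3 && memcmp(in + i, "ftp", 3) == 0) found = 1;
        i += len;
    }
    return found;
}

/* alpn == NULL: client sent no ALPN extension (assumed acceptable here).
 * required_sni == NULL: SNI check disabled; otherwise the SNI must match. */
int handshake_allowed(const unsigned char *alpn, size_t alpn_len,
                      const char *sni, const char *required_sni)
{
    if (alpn != NULL && !alpn_offers_ftp(alpn, alpn_len)) return 0;
    if (required_sni != NULL &&
        (sni == NULL || strcasecmp(sni, required_sni) != 0)) return 0;
    return 1;
}

/* Returns 1 to keep the pre-login control connection, 0 to close it. */
int prelogin_command_ok(unsigned *unknown, const char *verb)
{
    /* Illustrative subset of pre-login verbs, not vsftpd's actual table. */
    static const char *const known[] = {"USER", "PASS", "AUTH", "PBSZ",
                                        "PROT", "FEAT", "QUIT"};
    for (size_t k = 0; k < sizeof known / sizeof known[0]; k++)
        if (strcasecmp(verb, known[k]) == 0) return 1;
    return ++*unknown < MAX_UNKNOWN_PRELOGIN;
}

int main(void)
{
    /* Constructed sample: a browser-style ALPN list offering h2 and http/1.1. */
    const unsigned char web[] = "\002h2\010http/1.1";
    printf("web ALPN allowed: %d\n", handshake_allowed(
        web, sizeof web - 1, "ftp.example.org", "ftp.example.org"));
    return 0;
}
```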
--- Begin Message ---
Source: vsftpd
Source-Version: 3.0.5-0.1
Done: Chris Hofstaedtler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated vsftpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jan 2025 12:19:33 +0100
Source: vsftpd
Architecture: source
Version: 3.0.5-0.1
Distribution: unstable
Urgency: medium
Maintainer: Keng-Yu Lin <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 975585 991329
Changes:
vsftpd (3.0.5-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release. (Closes: #991329)
Fixes CVE-2021-3618
.
[ Svante Signelle ]
* Fix init script for Hurd (Closes: #975585)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---