Your message dated Sat, 24 May 2025 14:37:45 +0000
with message-id <e1uiq0p-00hsn5...@fasolo.debian.org>
and subject line Bug#1104531: fixed in vsftpd 3.0.5-0.2
has caused the Debian Bug report #1104531,
regarding vsftpd: /etc/vsftpd.conf enables connection of local users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1104531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104531
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vsftpd
Version: 3.0.3-13+b2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hello.
Feel free to downgrade the severity if I am misunderstanding the
situation.
A fresh install of vsftpd accepts connection of local users by default,
that is /etc/vsftpd.conf contains local_enable=YES
/usr/share/doc/vsftpd/README.Debian says that
* this line should be commented
* uncommenting it is a bad idea
because the password would be transmitted without encryption
so this is most probably unwanted.
The documentation is also wrong for anonymous access (should be
enabled by default, actually disabled in the configuration file),
but this is a minor issue.
--- End Message ---
--- Begin Message ---
Source: vsftpd
Source-Version: 3.0.5-0.2
Done: Chris Hofstaedtler <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1104...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Hofstaedtler <z...@debian.org> (supplier of updated vsftpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 May 2025 13:17:12 +0200
Source: vsftpd
Architecture: source
Version: 3.0.5-0.2
Distribution: unstable
Urgency: medium
Maintainer: Keng-Yu Lin <ken...@debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Closes: 1104531
Changes:
vsftpd (3.0.5-0.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Correct README.Debian with regard to local and anonymous logins.
(Closes: #1104531)
Checksums-Sha1:
efa0f1ed5e880caa19b93d54ee550c9dd82b6d1d 1968 vsftpd_3.0.5-0.2.dsc
df837b6b0e6f830ea9deeb2512c179ad2c2fcd61 35732 vsftpd_3.0.5-0.2.debian.tar.xz
Checksums-Sha256:
91e85b1b7e9d441b66d21dfda4d2d33353ba07fea06438e5f82eca7b942b00b9 1968
vsftpd_3.0.5-0.2.dsc
66b5c986ecd609363b2709617fbe0dba52721a85d6eb5b52eaafd63b332f110a 35732
vsftpd_3.0.5-0.2.debian.tar.xz
Files:
cd91ff1d860adb1593e4515f36c10aa8 1968 net optional vsftpd_3.0.5-0.2.dsc
9e2c46fbe1e9a6d1a715f2a1545d6bb1 35732 net optional
vsftpd_3.0.5-0.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmgx0TQACgkQXBPW25MF
LgMdWRAAjhB8irnrCl2BYURcODhInv/lZyvfL1xl5wE9GgiQaJmGeZNCuHoMym0/
KCWlEUpxShIf24/ZZFi3aFyHir9Rg2F6mBHH8bLnHixYLUMFRikV7mHL8IgtEi5e
Sh4cQFRCQWpAkX1IjGty20AvOU6CG0LgWXVRUqvpMyDQstLhSp2rbnvlMpzR7Ev7
ChGhclJdlRUpTJiX51HMPIOVI+gAflCFD+8+EVIrQjHHx7KAqakUsvVYnLTlsWZk
6ny9eSqDTkmw/M2/jeYshSY+jCT8Da0/4LZ/onWiXkftbHr4jLBZBc+sFAgGUvKG
AFIw/s2cHcCQx9nRYbCwWMFhs68H3m4Hjv/fLT02hswkbqXHnqKHnK/zhLD4KDoC
X/k/b35K/t++QV2lHvoXfwkyv7AcvVIDkGw+Jn6vtCcAsCWf4GTBUZt18gKe1l5T
SpCeUO9eUHiwn3eeMfsALZDdxZamqceNyZWWze7wKPJ0m34ir4ZnaawpsF3A6kBu
bO4o3NA242hCmeaHZbH8ULbQzBouY2lAJEkN/2IT7kxa8TfLeWkDrANINu0Erwe6
L8e8JFqwz3ZbPDjuTv+HcdkVP5uQrqbLLCe9CB5BWPnc7/5resrnehTvue9flrIW
BSiCwt3UmSdKgFEDSZboLr4hnJTlKK5rGdWCs/tGyiHU4hAYrgI=
=HJhy
-----END PGP SIGNATURE-----
pgp62UwDK9EE4.pgp
Description: PGP signature
--- End Message ---
