Your message dated Wed, 23 Feb 2005 19:17:26 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#234292: fixed in wu-ftpd 2.6.2-18 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Frank Lichtenheld <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: wu-ftpd: Upstream security fix available
X-Mailer: reportbug 1.50
Date: Mon, 23 Feb 2004 01:51:38 +0100
Message-Id: <[EMAIL PROTECTED]>
Sender: Frank Lichtenheld <[EMAIL PROTECTED]>

Package: wu-ftpd
Version: N/A; reported 2004-02-23
Severity: grave
Tags: security patch
Justification: user security hole

FYI, there seems to be a new upstream security patch available which fixes a potential security hole:

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch

--- wu-ftpd-2.6.2-orig/src/ftpd.c Thu Nov 29 17:56:11 2001 +++ wu-ftpd-2.6.2/src/ftpd.c Thu Jan 22 13:38:33 2004 
@@ -1662,9 +1662,9 @@ /* Display s/key challenge where appropriate. */ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); + snprintf(buf, sizeof(buf)-1, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, + snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); }

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux djpig 2.4.18-1-k7 #1 Sun Feb 1 04:47:25 MST 2004 i686
Locale: LANG=de_DE, LC_CTYPE=de_DE

---------------------------------------
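Review bot: in both snprintf() calls the bound sizeof(buf)-1 is only correct if buf is an array declared in this scope; the hunk does not show the declaration, and if buf were a pointer the limit would be the pointer size minus one, so this should be confirmed against the declaration. C99 snprintf() already counts the terminating NUL within the size it is given, so plain sizeof(buf) is sufficient and the -1 only gives up one byte. The change bounds the write into buf, but the unchanged context line skeychallenge(&skey, pwd->pw_name, sbuf) still passes no length for sbuf, so whether the challenge text fits sbuf is not settled by this hunk and should be checked separately. The return value of snprintf() is not examined, so a long name is truncated silently, which is acceptable for a prompt string.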
From: Chris Butler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#234292: fixed in wu-ftpd 2.6.2-18
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 23 Feb 2005 19:17:26 -0500

Source: wu-ftpd
Source-Version: 2.6.2-18

We believe that the bug you reported is fixed in the latest version of wu-ftpd, which is due to be installed in the Debian FTP archive:

wu-ftpd_2.6.2-18.diff.gz
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-18.diff.gz
wu-ftpd_2.6.2-18.dsc
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-18.dsc
wu-ftpd_2.6.2-18_i386.deb
  to pool/main/w/wu-ftpd/wu-ftpd_2.6.2-18_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Butler <[EMAIL PROTECTED]> (supplier of updated wu-ftpd package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 22 Feb 2005 21:48:07 +0000
Source: wu-ftpd
Binary: wu-ftpd
Architecture: source i386
Version: 2.6.2-18
Distribution: unstable
Urgency: high
Maintainer: Chris Butler <[EMAIL PROTECTED]>
Changed-By: Chris Butler <[EMAIL PROTECTED]>
Description:
 wu-ftpd - powerful and widely used FTP server
Closes: 156999 219165 231300 234292 236986 237328 243286 247764 254870 267177 267307 290813
Changes:
 wu-ftpd (2.6.2-18) unstable; urgency=high
 .
   * Incorporates changes from NMUs (closes: #267177, #231300, #243286, #254870, #234292, #267307, #236986)
   * Fix DoS in the LIST command (closes: #219165)
   * Remove '-g' option from ls arguments (closes: #247764)
   * Compile with LFS support (closes: #156999, #290813)
   * Compile with -DPARANOID by default (closes: #237328)
   * Recode Catalan translation from latin1 to utf-8
Files:
 2cfc2178b6edfff8843858d914e9e4a5 593 net extra wu-ftpd_2.6.2-18.dsc
 e9c7fc7d0d08b7163f5cc15a07a8e3ca 124057 net extra wu-ftpd_2.6.2-18.diff.gz
 003e320f3d2cf6a6d30426ee17b24e88 277868 net extra wu-ftpd_2.6.2-18_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCHRoTDzQFd9CXomERAtoKAJ0QgTRDZcnnt1NNVmbbbqll8e9SvgCfdi3X
sAZkNgNVph1v0C/CD7AvO3I=
=KBz5
-----END PGP SIGNATURE-----