Your message dated Fri, 25 Feb 2005 11:48:18 -0800 with message-id <[EMAIL PROTECTED]> and subject line gftp: DSA 686-1: directory traversal vulnerability has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Aurelien Jarno <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: gftp: DSA 686-1: directory traversal vulnerability
Date: Thu, 17 Feb 2005 17:26:34 +0100

Package: gftp
Version: 2.0.17+cvs20050102-3
Severity: critical
Tags: security, sarge

DSA 686-1:
----------
Albert Puigsech Galicia discovered a directory traversal vulnerability in a proprietary FTP client
(CAN-2004-1376) which is also present in gftp, a GTK+ FTP client. A malicious server could provide a specially crafted filename that could cause arbitrary files to be overwritten or created by the client.

This problem has been fixed in version 2.0.18-1; however, Sarge still has version 2.0.17+cvs20050102-3. gftp version 2.0.18-1 is only waiting for gtk+2.0 in order to move to Sarge.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages gftp depends on:
ii  gftp-gtk   2.0.18-1  X/GTK+ FTP client
ii  gftp-text  2.0.18-1  colored FTP client using GLib

-- no debconf information

---------------------------------------
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: gftp: DSA 686-1: directory traversal vulnerability
Date: Fri, 25 Feb 2005 11:48:18 -0800

gftp_2.0.18-1 has been accepted into sarge today, therefore I believe this bug can be closed.

Thanks,
--
Steve Langasek
postmodern programmer