Your message dated Sun, 28 Oct 2007 14:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446192: fixed in wzdftpd 0.8.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: wzdftpd
Version: 0.5.2-1.1sarge2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wzdftpd.

CVE-2007-5300[0]:
| Off-by-one error in the do_login_loop function in
| libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote
| attackers to cause a denial of service (daemon crash) via a long USER
| command that triggers a stack-based buffer overflow.  NOTE: some of
| these details are obtained from third party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: wzdftpd
Source-Version: 0.8.3-1

We believe that the bug you reported is fixed in the latest version of
wzdftpd, which is due to be installed in the Debian FTP archive:

wzdftpd-back-mysql_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-back-mysql_0.8.3-1_amd64.deb
wzdftpd-back-pgsql_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.3-1_amd64.deb
wzdftpd-dev_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-dev_0.8.3-1_amd64.deb
wzdftpd-mod-avahi_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.3-1_amd64.deb
wzdftpd-mod-perl_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-perl_0.8.3-1_amd64.deb
wzdftpd-mod-tcl_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.3-1_amd64.deb
wzdftpd_0.8.3-1.diff.gz
  to pool/main/w/wzdftpd/wzdftpd_0.8.3-1.diff.gz
wzdftpd_0.8.3-1.dsc
  to pool/main/w/wzdftpd/wzdftpd_0.8.3-1.dsc
wzdftpd_0.8.3-1_amd64.deb
  to pool/main/w/wzdftpd/wzdftpd_0.8.3-1_amd64.deb
wzdftpd_0.8.3.orig.tar.gz
  to pool/main/w/wzdftpd/wzdftpd_0.8.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier <[EMAIL PROTECTED]> (supplier of updated wzdftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 14 Oct 2007 10:24:39 +0200
Source: wzdftpd
Binary: wzdftpd-mod-perl wzdftpd-back-mysql wzdftpd-dev wzdftpd-mod-avahi wzdftpd-back-pgsql wzdftpd wzdftpd-mod-tcl
Architecture: source amd64
Version: 0.8.3-1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[EMAIL PROTECTED]>
Changed-By: Pierre Chifflier <[EMAIL PROTECTED]>
Description: 
 wzdftpd    - A portable, modular, small and efficient ftp server
 wzdftpd-back-mysql - MySQL backend for wzdftpd
 wzdftpd-back-pgsql - PostgreSQL backend for wzdftpd
 wzdftpd-dev - Development files for wzdftpd
 wzdftpd-mod-avahi - Zeroconf module for wzdftpd
 wzdftpd-mod-perl - Perl module for wzdftpd
 wzdftpd-mod-tcl - TCL module for wzdftpd
Closes: 446192
Changes: 
 wzdftpd (0.8.3-1) unstable; urgency=high
 .
   * New upstream release
   * Ack NMU for security fix (Closes: #446192)
   * Drop 10_new_pam_header and 20_config_typos, included in upstream
Files: 
 69ebd6a95d1a26bdab70e94e1fdcd02d 869 net optional wzdftpd_0.8.3-1.dsc
 6114c32fc91786d9485fbc10c6306082 850981 net optional wzdftpd_0.8.3.orig.tar.gz
 05dd33c0c28bcf3b202f18db07f92b68 20 net optional wzdftpd_0.8.3-1.diff.gz
 118ac3985fcf29e37c5e807f1f8f62d3 282030 net optional wzdftpd_0.8.3-1_amd64.deb
 1d7d5a18f58acf3158c178c0f79ce73c 41232 net optional wzdftpd-back-mysql_0.8.3-1_amd64.deb
 73684c084b54938820731e3a130bf72e 40660 net optional wzdftpd-back-pgsql_0.8.3-1_amd64.deb
 f87419b871c4b4f51039a73676bdd1c0 31524 net optional wzdftpd-mod-avahi_0.8.3-1_amd64.deb
 a372b125e9a69af0cfd3863b86c62a69 36348 net optional wzdftpd-mod-tcl_0.8.3-1_amd64.deb
 486f6fbd37298de84cc01e8e01af29dd 45256 net optional wzdftpd-mod-perl_0.8.3-1_amd64.deb
 7b1dec44b50f2176e7707c69c573496b 72664 libdevel optional wzdftpd-dev_0.8.3-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHJJFctwVrWo1fQMsRAjs4AJ90F+C+QWzNa3wJswG2Jj8K2jqHkgCgr6nk
17UQK0C67kdZxswA0ZSIoOg=
=igOB
-----END PGP SIGNATURE-----



--- End Message ---
