Your message dated Tue, 01 Oct 2013 19:17:44 +0000
with message-id <e1vr5s4-0005gj...@franck.debian.org>
and subject line Bug#723179: fixed in proftpd-dfsg 1.3.3a-6squeeze7
has caused the Debian Bug report #723179,
regarding proftpd-dfsg: CVE-2013-4359
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
723179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723179
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: proftpd-dfsg
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for proftpd-dfsg.
CVE-2013-4359[0]:
mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
As far as I can read in the references, however, keyboard-interactive
authentication is rare, as it is not enabled by default.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
http://security-tracker.debian.org/tracker/CVE-2013-4359
[1] http://marc.info/?l=oss-security&m=137914240227778&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.3a-6squeeze7
We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 723...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated proftpd-dfsg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Sep 2013 16:49:44 +0000
Source: proftpd-dfsg
Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql
proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite
Architecture: source amd64 all
Version: 1.3.3a-6squeeze7
Distribution: oldstable-security
Urgency: high
Maintainer: Francesco Paolo Lovergine <fran...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description:
proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries
proftpd-dev - Versatile, virtual-hosting FTP daemon - development files
proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module
proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module
proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module
proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module
proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module
Closes: 723179
Changes:
proftpd-dfsg (1.3.3a-6squeeze7) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix invalid pool authentication in mod_sftp/mod_sftp_pam during kbdint
authentication leading to DoS conditions (CVE-2013-4359; Closes: #723179).
Checksums-Sha1:
c43d85909791021ad7d91c00522746c4394d54f0 2066 proftpd-dfsg_1.3.3a-6squeeze7.dsc
2baa4767769a540c88580d754b067c7d70efbf7e 111688 proftpd-dfsg_1.3.3a-6squeeze7.diff.gz
e22d152defa99ceb0357cb7112fdb77a3833f19d 2406778 proftpd-basic_1.3.3a-6squeeze7_amd64.deb
5d3b093ea00a1ee618f9c4c000e454b9280eaada 892910 proftpd-dev_1.3.3a-6squeeze7_amd64.deb
524377ed50dc06f81dc3c57da4fb7970d9218f7e 347456 proftpd-mod-mysql_1.3.3a-6squeeze7_amd64.deb
1209bf9c761d348087e25efaedb5bcb363c7bfb9 347130 proftpd-mod-pgsql_1.3.3a-6squeeze7_amd64.deb
bb4f8970f83c17c3ef4bb1cd1c89061aa2e053e6 357250 proftpd-mod-ldap_1.3.3a-6squeeze7_amd64.deb
b33a5e68e48b69f84a1fc24ce3fd56b0db5a0b1a 348788 proftpd-mod-odbc_1.3.3a-6squeeze7_amd64.deb
ce1b0bf5977a1c33ab1d9c94321d1fe84b523756 346472 proftpd-mod-sqlite_1.3.3a-6squeeze7_amd64.deb
3bd6ae9ae15865e5ae73c12caa2d2142bcad829e 1508634 proftpd-doc_1.3.3a-6squeeze7_all.deb
Checksums-Sha256:
879e64547f821a497c821882e9c21329767756b35a7abf3966acefba15fb72dd 2066 proftpd-dfsg_1.3.3a-6squeeze7.dsc
e5ac992cd9c44dae15a604af55bc72395290513fbc829c17e73a7161763dcf94 111688 proftpd-dfsg_1.3.3a-6squeeze7.diff.gz
a0d07e4d8bf67113c86af484e2b0c7ef58015a8b9df560524e843036b9eef3bb 2406778 proftpd-basic_1.3.3a-6squeeze7_amd64.deb
f3699f232559e5f543178f2f8e80b12edb36635eaad9b9fe6049adb7c2c35d15 892910 proftpd-dev_1.3.3a-6squeeze7_amd64.deb
b952a7a9175cf816ce6ec0455ad17796d7aa50c6a9a27aeb360c5bfa0f217be1 347456 proftpd-mod-mysql_1.3.3a-6squeeze7_amd64.deb
38769fb10564860e83187e3f7dbf9ccc9512ff8f8e8b376fa6af4cb88f74531a 347130 proftpd-mod-pgsql_1.3.3a-6squeeze7_amd64.deb
ee1b903ef72715aa81e3a377e34dc9b7b55c9ccfae002b24b91eefc284646f02 357250 proftpd-mod-ldap_1.3.3a-6squeeze7_amd64.deb
32d1610ce90633c3cfc7c610ac7e9616c6f198f90c1045c45712ba1c5e5c97ac 348788 proftpd-mod-odbc_1.3.3a-6squeeze7_amd64.deb
4f0c4387777cd96f7ac1fd4e0982751802f3e652464ae4253b4418c42962d8d6 346472 proftpd-mod-sqlite_1.3.3a-6squeeze7_amd64.deb
91b53aced6c9fd94d96178dabcbbb8310135898137d40d0b554dcecb07466fc4 1508634 proftpd-doc_1.3.3a-6squeeze7_all.deb
Files:
123e85cf26fbf0ef699682669cec7f07 2066 net optional proftpd-dfsg_1.3.3a-6squeeze7.dsc
971b408686eff4d643810a3160dec2a6 111688 net optional proftpd-dfsg_1.3.3a-6squeeze7.diff.gz
d7f23106f85e2abf0cdfe10bed83ab54 2406778 net optional proftpd-basic_1.3.3a-6squeeze7_amd64.deb
0465b6afc6a49209aaa542f80cf12232 892910 net optional proftpd-dev_1.3.3a-6squeeze7_amd64.deb
e9d522f80dd7c090de4fb8561b08074a 347456 net optional proftpd-mod-mysql_1.3.3a-6squeeze7_amd64.deb
000f46cbfe417f29d4f2cf2235fc1d60 347130 net optional proftpd-mod-pgsql_1.3.3a-6squeeze7_amd64.deb
e01b89774a46ae4cdb0b3e42eb184d1b 357250 net optional proftpd-mod-ldap_1.3.3a-6squeeze7_amd64.deb
174dca08d83ea777eeb68c59aae8d757 348788 net optional proftpd-mod-odbc_1.3.3a-6squeeze7_amd64.deb
3f5a546934bd085e1b77b77cb4cd95c9 346472 net optional proftpd-mod-sqlite_1.3.3a-6squeeze7_amd64.deb
53aff8b046dfec3ac5f20b8409751d38 1508634 doc optional proftpd-doc_1.3.3a-6squeeze7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

=aadv
-----END PGP SIGNATURE-----
--- End Message ---