Your message dated Tue, 01 Oct 2013 19:17:05 +0000
with message-id <e1vr5rr-00057m...@franck.debian.org>
and subject line Bug#723179: fixed in proftpd-dfsg 1.3.4a-5+deb7u1
has caused the Debian Bug report #723179,
regarding proftpd-dfsg: CVE-2013-4359
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
723179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723179
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: proftpd-dfsg
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for proftpd-dfsg.

CVE-2013-4359[0]:
mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

As far as I can read in the references, however, keyboard interactive
authentication is rare as it is not enabled by default.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
    http://security-tracker.debian.org/tracker/CVE-2013-4359
[1] http://marc.info/?l=oss-security&m=137914240227778&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.4a-5+deb7u1

We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 723...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated proftpd-dfsg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Sep 2013 16:49:45 +0000
Source: proftpd-dfsg
Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite
Architecture: source amd64 all
Version: 1.3.4a-5+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@lists.alioth.debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries
 proftpd-dev - Versatile, virtual-hosting FTP daemon - development files
 proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
 proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module
 proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module
 proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module
 proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module
 proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module
Closes: 723179
Changes: 
 proftpd-dfsg (1.3.4a-5+deb7u1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix invalid pool authentication in mod_sftp/mod_sftp_pam during kbdint
     authentication leading to DoS conditions (CVE-2013-4359; Closes: #723179).


--- End Message ---
