Your message dated Mon, 07 Oct 2013 13:49:43 +0000
with message-id <e1vtbbv-000733...@franck.debian.org>
and subject line Bug#723179: fixed in proftpd-dfsg 1.3.5~rc3-2.1
has caused the Debian Bug report #723179,
regarding proftpd-dfsg: CVE-2013-4359
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
723179: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723179
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: proftpd-dfsg
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for proftpd-dfsg.

CVE-2013-4359[0]:
mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

As far as I can read in the references, however, keyboard-interactive
authentication is rare, as it is not enabled by default.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
    http://security-tracker.debian.org/tracker/CVE-2013-4359
[1] http://marc.info/?l=oss-security&m=137914240227778&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.5~rc3-2.1

We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 723...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated proftpd-dfsg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Oct 2013 14:51:36 +0200
Source: proftpd-dfsg
Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip
Architecture: source amd64 all
Version: 1.3.5~rc3-2.1
Distribution: unstable
Urgency: low
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries
 proftpd-dev - Versatile, virtual-hosting FTP daemon - development files
 proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
 proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module
 proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module
 proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module
 proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module
 proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module
 proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module
Closes: 699647 723179
Changes: 
 proftpd-dfsg (1.3.5~rc3-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add CVE-2013-4359.patch patch.
     CVE-2013-4359: Fix invalid pool authentication in mod_sftp/mod_sftp_pam
     during kbdint authentication leading to DoS conditions. (Closes: #723179)
   * Correct Breaks and Replaces on proftpd-mod-geoip package.
     The old proftpd-mod-geoip addon module is now obsoleted by core proftpd.
     Adjusted the Breaks/Replaces to 1.3.5~rc1-1 which introduced the geoip
     module in proftpd core.
     Thanks to Andreas Beckmann <a...@debian.org> (Closes: #699647)


--- End Message ---
