Bug#767171: marked as done (tnftp: CVE-2014-8517: ftp(1) can be made execute arbitrary commands by malicious webserver)

[Debian Bug Tracking System]

Your message dated Thu, 06 Nov 2014 11:22:17 +0000
with message-id <e1xml8r-0000xs...@franck.debian.org>
and subject line Bug#767171: fixed in tnftp 20130505-2
has caused the Debian Bug report #767171,
regarding tnftp: CVE-2014-8517: ftp(1) can be made execute arbitrary commands 
by malicious webserver
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
767171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tnftp
Severity: grave
Tags: security

Please see http://www.openwall.com/lists/oss-security/2014/10/28/4
No CVE ID has been assigned yet. This doesn't warrant a DSA, but
you could fix it up in a point release.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: tnftp
Source-Version: 20130505-2

We believe that the bug you reported is fixed in the latest version of
tnftp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 767...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated tnftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Nov 2014 10:42:01 +0000
Source: tnftp
Binary: tnftp
Architecture: source amd64
Version: 20130505-2
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
 tnftp      - enhanced ftp client
Closes: 759467 767171
Changes:
 tnftp (20130505-2) unstable; urgency=medium
 .
   * Only trust filenames with special meaning if they came from
     the command line. CVE-2014-8517.
     Add upstream patch CVE-2014-8517.patch.
     Closes: #767171.
   * Run dh-autoreconf to update for new architectures.
     Patch by Brahadambal Srinivasan <la...@linux.vnet.ibm.com>.
     Closes: 759467.
   * Standards Version is 3.9.6.
   * Fix uses-deprecated-compression-for-data-tarball.
   * Fix build-depends-on-obsolete-package.
     build-depends: hardening-wrapper => use dpkg-buildflags instead.
Checksums-Sha1:
 0ae33994045d362047f232441784913dbbddf073 1742 tnftp_20130505-2.dsc
 c24c22862522f257954997b696aaad130e9e02ad 6684 tnftp_20130505-2.debian.tar.xz
 0c9b3c0a3e1052357f80718ffc983632f934679f 170162 tnftp_20130505-2_amd64.deb
Checksums-Sha256:
 af466271cd5ed2c76c060eea5551b97c350eaf6f2bfd8e1a7091b3f5c342a773 1742 
tnftp_20130505-2.dsc
 2acea23ca1b36099a6517f1215edefb196c8d2b06fde30cecacfed5d34a11d19 6684 
tnftp_20130505-2.debian.tar.xz
 c442209bc774a09813632eccd2c3d34b01fd86739f3220c65903cd3366a9bd53 170162 
tnftp_20130505-2_amd64.deb
Files:
 614d5d30801431bbe6bc52c3ba5a1c4a 1742 net optional tnftp_20130505-2.dsc
 7f6c8e47de72ba5e38e0e78cfd93b10d 6684 net optional 
tnftp_20130505-2.debian.tar.xz
 c477e2b89f398523bc68277c8bc9b346 170162 net optional tnftp_20130505-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUW1HxAAoJEHxWrP6UeJfYxKwP/1fqHgB6M9xfBMMs2suMUPLV
aO4T1mH20AIz1Q6cjuixXoTX1qufIBM3c5CDtrqsy7wnQiLif8nKKGHqJu7+yZhL
VzCu960agXR5aVWk6LES5CPBGi3J2VWNytLv++nj1ANCCkax46TAd372uqJCAuFT
KbkJMjWv3d+BUxCR4xhYGh0rztQGRCYExh11Nf8DG6TxQbdrKc+vOoAFtpSRoUcP
DdYoNXzwf7u71CU+lIfXPHDgKEhwW5ULUH8vEpY3jbYckUJI5B3RjVqW9LcezhC0
3ut70IdV1nMjKtoqgv6TMso8By8hFwD2C2dG6usqY3l3TQuZihyVhkgLgEl4gO15
AE/UU+4hzvnsDTq6tRoByvL/inmV+8TFaaXtv1rBYYDPehRYYMCF/ncx38xZ+KYV
CwXoqM0Z5lMvFrdVmMJDKrk3IFtWWWnzyH6iZmB1F7BMI49o5DJLFdaZcyrxoJRR
zJrgpbbzbFePljQst4A8D4Uwl0xnEaqJ5JKDzmRdu5bq3cT6o1udu2DN5dKDtW1j
JsguntTCHkB35uQIlxWBr9EXH6lgFO/u65BcmMYPA4YW7TN7sKxmcOl09L2ci+Y7
VtrCZPBy/LzoPpAxqdvgKP+FJ7Dfsx7EKm0s5xR4oOOTQLT0H+MgEr+liJzTlHRq
ZSvZbuPt2mOF50hXDclm
=FAB5
-----END PGP SIGNATURE-----

--- End Message ---