Your message dated Wed, 23 Oct 2019 21:49:29 +0000
with message-id <e1inovv-000d15...@fasolo.debian.org>
and subject line Bug#928282: fixed in filezilla 3.45.1-1
has caused the Debian Bug report #928282,
regarding filezilla: CVE-2019-5429
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
928282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928282
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: filezilla
Version: 3.39.0-2
Severity: grave
Tags: security upstream
Hi,

The following vulnerability was published for filezilla.

CVE-2019-5429[0]:
| Untrusted search path in FileZilla before 3.41.0-rc1 allows an
| attacker to gain privileges via a malicious 'fzsftp' binary in the
| user's home directory.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5429
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5429
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1704602

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: filezilla
Source-Version: 3.45.1-1
We believe that the bug you reported is fixed in the latest version of
filezilla, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrien Cunin <adri2...@ubuntu.com> (supplier of updated filezilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Sep 2019 15:01:17 +0200
Source: filezilla
Binary: filezilla filezilla-common
Architecture: source
Version: 3.45.1-1
Distribution: unstable
Urgency: medium
Maintainer: Adrien Cunin <adri2...@ubuntu.com>
Changed-By: Adrien Cunin <adri2...@ubuntu.com>
Description:
 filezilla - Full-featured graphical FTP/FTPS/SFTP client
 filezilla-common - Architecture independent files for filezilla
Closes: 928282 933416
Changes:
 filezilla (3.45.1-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2019-5429 (Closes: #928282)
   * Updated libfilezilla-dev versioned build-dep to 0.18.2
   * Build against wxWidgets GTK 3 (Closes: #933416)
   * Updated Standards-Version to 4.4.0, no change needed
   * Updated dh compat to 12
   * Install filezilla.appdata.xml
   * debian/copyright: added license info for data/filezilla.appdata.xml
   * debian/patches/series: added commented line for the patch used by Ubuntu
     to make Lintian happy
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---