Your message dated Fri, 01 May 2020 18:32:08 +0000
with message-id <e1juasg-000cgn...@fasolo.debian.org>
and subject line Bug#928282: fixed in filezilla 3.39.0-2+deb10u1
has caused the Debian Bug report #928282,
regarding filezilla: CVE-2019-5429
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
928282: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928282
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: filezilla
Version: 3.39.0-2
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for filezilla.
CVE-2019-5429[0]:
| Untrusted search path in FileZilla before 3.41.0-rc1 allows an
| attacker to gain privileges via a malicious 'fzsftp' binary in the
| user's home directory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5429
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1704602
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: filezilla
Source-Version: 3.39.0-2+deb10u1
Done: Phil Wyett <philip.wy...@kathenas.org>
We believe that the bug you reported is fixed in the latest version of
filezilla, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Phil Wyett <philip.wy...@kathenas.org> (supplier of updated filezilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Dec 2019 20:25:54 +0000
Source: filezilla
Architecture: source
Version: 3.39.0-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Adrien Cunin <adri2...@ubuntu.com>
Changed-By: Phil Wyett <philip.wy...@kathenas.org>
Closes: 928282
Changes:
filezilla (3.39.0-2+deb10u1) buster; urgency=medium
.
* Non-maintainer upload
* Added: 02_untrusted_search_path.patch - CVE-2019-5429. (Closes: #928282)
--- End Message ---