Date: Wed, 21 May 2008 11:34:42 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: oss-security@...ts.openwall.com
CC: chris@...ry.beasts.org
Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tomas Hoger wrote:
| This is just a heads-up.  We are releasing updated vsftpd packages
| containing a fix for a minor memory leak identified by CVE-2007-5962.

The memory leak itself is CVE-2007-5962? Or is the CVE for the original
issue where deny_hosts didn't work as expected? It doesn't seem to be
public.

| The issue occurred because of the Red Hat / Fedora specific patch
| which, according to information from our vsftpd maintainer, is not in
| upstream.  I also checked a few major vendors, it seems no one is using
| the patch.

rPath/Foresight does :-/

| More details in our BZ:
|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5962

Thanks for the heads-up.

	smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkg0eVEACgkQCG91qXPaRemHagCfck874lv1ONGXaZPPGRWo0i6x
R3AAnRE/9lpHs8D4NAYSV59MudHSoLRy
=ZSXA
-----END PGP SIGNATURE-----
