[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Sun, 20 Jul 2008 10:28:12 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: mci@....openwall.com
CC: oss-security@...ts.openwall.com, chris@...ry.beasts.org
Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Michail Litvak wrote:
> Hello Jonathan Smith!
>
> Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)":
>
>> Tomas Hoger wrote:
>> | This is just a heads-up. We are releasing updated vsftpd packages
>> | containing a fix for a minor memory leak identified by CVE-2007-5962.
>>
>> The memory leak itself is CVE-2007-5962? Or is the CVE for the original
>> issue where deny_hosts didn't work as expected? It doesn't seem to be
>> public.
>
> As I understand RH released patch to fix problem with deny_file
> statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764
>
> But introduce memory leak (CVE-2007-5962) and release package with
> fixed version of their patch.
>
> Please correct me if I make mistake, but seems this is a typo and
> You mean deny_file, not deny_hosts.
You are correct. Someone from rPath also noticed this, but I guess I
never followed up and corrected myself on oss-security :)
smithj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEAREIAAYFAkiDg7wACgkQCG91qXPaRekUtACggz/IxZ1l1sgKC9KXrCM0bPT3
Ov8Anjw4sWOLNBdiy+5P0YgwE06IWVJ8
=c/61
-----END PGP SIGNATURE-----
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux