Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 20 Jul 2008 10:28:12 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: mci@....openwall.com
CC: oss-security@...ts.openwall.com, chris@...ry.beasts.org
Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michail Litvak wrote:
> Hello Jonathan Smith! 
> 
>  Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)": 
> 
>> Tomas Hoger wrote:
>> | This is just a heads-up.  We are releasing updated vsftpd packages
>> | containing a fix for a minor memory leak identified by CVE-2007-5962.
>>
>> The memory leak itself is CVE-2007-5962? Or is the CVE for the original
>> issue where deny_hosts didn't work as expected? It doesn't seem to be
>> public.
> 
> As I understand RH released patch to fix problem with deny_file
> statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764
> 
> But introduce memory leak (CVE-2007-5962) and release package with
> fixed version of their patch.
> 
> Please correct me if I make mistake, but seems this is a typo and
> You mean deny_file, not deny_hosts.

You are correct. Someone from rPath also noticed this, but I guess I
never followed up and corrected myself on oss-security :)

	smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkiDg7wACgkQCG91qXPaRekUtACggz/IxZ1l1sgKC9KXrCM0bPT3
Ov8Anjw4sWOLNBdiy+5P0YgwE06IWVJ8
=c/61
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.