Date: Wed, 11 Feb 2009 11:16:14 -0800 (PST) From: TJ Saunders <tj@...taglia.org> To: <oss-security@...ts.openwall.com> Subject: Re: CVE request for proftpd > >As discussed there, this is a duplicate of an earlier bug: > > > > http://bugs.proftpd.org/show_bug.cgi?id=3124 > > > >and has been fixed in ProFTPD 1.3.2rc3 and later. > > Oh, forgot to ask. It looks like this would have been introduced in > 1.3.1. Is that correct? So the affected versions would be > 1.3.1 to 1.3.2rc2. That's correct. > Also, as I was looking at the Gentoo report, I noticed bug #3173 which > likely also needs a CVE name (for the "encoding-dependent SQL injection > vulnerability"). Yes; I was just about to note the same thing. =) Cheers, TJ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The split in you is clear. There is a part of you that knows what it should do, and a part that does what it feels like doing. -John Cantwell Kiley ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ