Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Jul 2008 00:10:52 +0300
From: Michail Litvak <mci@....openwall.com>
To: oss-security@...ts.openwall.com
Cc: chris@...ry.beasts.org
Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

Hello Jonathan Smith! 

 Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)": 

> Tomas Hoger wrote:
> | This is just a heads-up.  We are releasing updated vsftpd packages
> | containing a fix for a minor memory leak identified by CVE-2007-5962.
> 
> The memory leak itself is CVE-2007-5962? Or is the CVE for the original
> issue where deny_hosts didn't work as expected? It doesn't seem to be
> public.

As I understand RH released patch to fix problem with deny_file
statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764

But introduce memory leak (CVE-2007-5962) and release package with
fixed version of their patch.

Please correct me if I make mistake, but seems this is a typo and
You mean deny_file, not deny_hosts.

-- 
//ShaD0w

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.