Date: Fri, 18 Jul 2008 00:10:52 +0300 From: Michail Litvak <mci@....openwall.com> To: oss-security@...ts.openwall.com Cc: chris@...ry.beasts.org Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Hello Jonathan Smith! Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)": > Tomas Hoger wrote: > | This is just a heads-up. We are releasing updated vsftpd packages > | containing a fix for a minor memory leak identified by CVE-2007-5962. > > The memory leak itself is CVE-2007-5962? Or is the CVE for the original > issue where deny_hosts didn't work as expected? It doesn't seem to be > public. As I understand RH released patch to fix problem with deny_file statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764 But introduce memory leak (CVE-2007-5962) and release package with fixed version of their patch. Please correct me if I make mistake, but seems this is a typo and You mean deny_file, not deny_hosts. -- //ShaD0w
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.