Date: Thu, 18 Jun 2015 17:13:58 +0200 From: Vasyl Kaigorodov <vkaigoro@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE request: pure-ftpd denial of service in glob_() Hello, Version 1.0.40 of pure-FTPd fixes a potential denial of service issue. From the NEWS file: - The process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path. This has been fixed. Upgrading is recommended. Upstream commit that fixes this: https://github.com/jedisct1/pure-ftpd/commit/0627004e23a24108785dc1506c5767392b90f807 References: https://bugs.gentoo.org/show_bug.cgi?id=552254 https://bugzilla.redhat.com/1233267 Can a CVE be assigned to this please? Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828 Free/Busy status: https://url.corp.redhat.com/vk-free-busy-status Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/ Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.