[CVE-2015-1419] Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...

Related Vulnerabilities: CVE-2015-1419  

Debian Bug report logs - #776922

Package: vsftpd; Maintainer for vsftpd is Keng-Yu Lin <kengyu@lexical.tw>; Source for vsftpd is src:vsftpd.

Reported by: Luciano Bello <luciano@debian.org>

Date: Tue, 3 Feb 2015 10:51:07 UTC

Severity: important

Tags: security, upstream

Found in version vsftpd/3.0.2-17

Fixed in version vsftpd/3.0.2-18

Done: Jörg Frings-Fürst <debian@jff-webhosting.net>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Jörg Frings-Fürst <debian@jff-webhosting.net>:
Bug#776922; Package vsftpd. (Tue, 03 Feb 2015 10:51:11 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Jörg Frings-Fürst <debian@jff-webhosting.net>. (Tue, 03 Feb 2015 10:51:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2015-1419] Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...
Date: Tue, 03 Feb 2015 11:45:19 +0100
Package: vsftpd
Version: 3.0.2-17
Severity: important
Tags: security upstream

Hi there,
    The following vulnerability was published http://seclists.org/oss-sec/2015/q1/389
    If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Please adjust the affected versions in the BTS as needed.

Regards, luciano



Added tag(s) pending. Request was from Jörg Frings-Fürst <debian@jff-webhosting.net> to control@bugs.debian.org. (Fri, 06 Feb 2015 13:51:12 GMT)


Reply sent to Jörg Frings-Fürst <debian@jff-webhosting.net>:
You have taken responsibility. (Sat, 28 Feb 2015 11:06:23 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 28 Feb 2015 11:06:23 GMT)


Message #12 received at 776922-close@bugs.debian.org:

From: Jörg Frings-Fürst <debian@jff-webhosting.net>
To: 776922-close@bugs.debian.org
Subject: Bug#776922: fixed in vsftpd 3.0.2-18
Date: Sat, 28 Feb 2015 11:04:32 +0000
Source: vsftpd
Source-Version: 3.0.2-18

We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776922@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jörg Frings-Fürst <debian@jff-webhosting.net> (supplier of updated vsftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 24 Feb 2015 16:42:25 +0100
Source: vsftpd
Binary: vsftpd vsftpd-dbg
Architecture: source amd64
Version: 3.0.2-18
Distribution: unstable
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
Changed-By: Jörg Frings-Fürst <debian@jff-webhosting.net>
Description:
 vsftpd     - lightweight, efficient FTP server written for security
 vsftpd-dbg - lightweight, efficient FTP server written for security (debug)
Closes: 776922
Changes:
 vsftpd (3.0.2-18) unstable; urgency=high
 .
   * New debian/patches/0050-CVE-2015-1419.patch
     - Fix config option "deny_file" not always being handled correctly
       CVE-2015-1419 (Closes: #776922).
     - Thanks to Marcus Meissner.
   * Add year 2015 to debian/copyright.
   * debian/rules:
     - Remove override_dh_builddeb because xz compression is standard now.
   * debian/patches:
     - Refresh 0002-config.patch, 0004-link-local.patch, 0005-whitespaces.patch,
       0006-greedy.patch, 0007-utf8.patch, 0010-remote-dos.patch,
       0011-alpha.patch.
   * Remove debian/source/options because xz compression is standard now.
   * debian/vsftpd.postrm:
     - Remove systemd files and directories when purging.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 May 2015 07:41:32 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:59:20 2019; Machine Name: beach
