Re: CVE request for proftpd

[Vincent Danen <vdanen () redhat com>]

* [2009-02-11 11:16:14 -0800] TJ Saunders wrote:

> > >As discussed there, this is a duplicate of an earlier bug:
> > >
> > >  http://bugs.proftpd.org/show_bug.cgi?id=3124
> > >
> > >and has been fixed in ProFTPD 1.3.2rc3 and later.
> >
> > Oh, forgot to ask.  It looks like this would have been introduced in
> > 1.3.1.  Is that correct?  So the affected versions would be
> > 1.3.1 to 1.3.2rc2.
>
> That's correct.

Great.  Thanks for that clarification.

> > Also, as I was looking at the Gentoo report, I noticed bug #3173 which
> > likely also needs a CVE name (for the "encoding-dependent SQL injection
> > vulnerability").
>
> Yes; I was just about to note the same thing. =)

Steve, can we get a second CVE name that references

http://bugs.proftpd.org/show_bug.cgi?id=3173

Thanks much.

--
Vincent Danen / Red Hat Security Response Team