oss-sec mailing list archives
Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
From: Jonathan Smith <smithj () freethemallocs com>
Date: Wed, 21 May 2008 11:34:42 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tomas Hoger wrote: | This is just a heads-up. We are releasing updated vsftpd packages | containing a fix for a minor memory leak identified by CVE-2007-5962. The memory leak itself is CVE-2007-5962? Or is the CVE for the original issue where deny_hosts didn't work as expected? It doesn't seem to be public. | The issue occurred because of the Red Hat / Fedora specific patch | which, according to information from our vsftpd maintainer, is not in | upstream. I also checked few major vendors, it seems no one is using | the patch. rPath/Foresight does :-/ | More details in our BZ: | | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5962 Thanks for the heads-up. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkg0eVEACgkQCG91qXPaRemHagCfck874lv1ONGXaZPPGRWo0i6x R3AAnRE/9lpHs8D4NAYSV59MudHSoLRy =ZSXA -----END PGP SIGNATURE-----
Current thread:
- vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Tomas Hoger (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Josh Bressers (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Steven M. Christey (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Josh Bressers (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)