oss-sec mailing list archives
Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
From: Jonathan Smith <smithj () freethemallocs com>
Date: Sun, 20 Jul 2008 10:28:12 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Michail Litvak wrote:
Hello Jonathan Smith! Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)":Tomas Hoger wrote: | This is just a heads-up. We are releasing updated vsftpd packages | containing a fix for a minor memory leak identified by CVE-2007-5962. The memory leak itself is CVE-2007-5962? Or is the CVE for the original issue where deny_hosts didn't work as expected? It doesn't seem to be public.As I understand RH released patch to fix problem with deny_file statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764 But introduce memory leak (CVE-2007-5962) and release package with fixed version of their patch. Please correct me if I make mistake, but seems this is a typo and You mean deny_file, not deny_hosts.
You are correct. Someone from rPath also noticed this, but I guess I never followed up and corrected myself on oss-security :) smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEAREIAAYFAkiDg7wACgkQCG91qXPaRekUtACggz/IxZ1l1sgKC9KXrCM0bPT3 Ov8Anjw4sWOLNBdiy+5P0YgwE06IWVJ8 =c/61 -----END PGP SIGNATURE-----
Current thread:
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Michail Litvak (Jul 17)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (Jul 20)