oss-sec mailing list archives

CVE id request: ftpd

From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 29 Sep 2008 20:22:16 +1000

Hi

There seems to be a Cross-site request forgery[0] in ftpd.
Upstream used these patches[1][2] to address the issue. There are also two 
Debian Bugreports[3][4] for this issue.
Could I please get a CVE id for this?

Cheers
Steffen

[0]: 
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064697.html

[1]: 
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.50&r2=1.51&f=h

[2]: 
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

[3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500518

[4]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500278

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE id request: ftpd Steffen Joeris (Sep 29)
- Re: CVE id request: ftpd Robert Buchholz (Sep 29)
- Re: CVE id request: ftpd Steven M. Christey (Sep 30)
- <Possible follow-ups>
- Re: CVE id request: ftpd Josh Bressers (Sep 30)
  - Re: CVE id request: ftpd Steven M. Christey (Sep 30)