oss-sec mailing list archives

Re: pure-ftpd STARTTLS command injection / new CVE?

From: Josh Bressers <bressers () redhat com>
Date: Mon, 11 Apr 2011 16:20:07 -0400 (EDT)



----- Original Message -----

Hi,

http://www.pureftpd.org/project/pure-ftpd/news

states that pure-ftpd is affected by the same STARTTLS
injection bug as postifx's CVE-2011-0411.

Is this CVE postfix-specific or can it be used for
pure-ftpd as well? If needed, can someone assign a new CVE?


Use CVE-2011-1575 for this.

Thanks.

-- 
    JB

Current thread:

pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
  - Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
  - CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
    - Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Josh Bressers (May 17)
- Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)