[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
From:       Jonathan Smith <smithj () freethemallocs ! com>
Date:       2008-07-20 18:28:12
Message-ID: 488383BC.3040204 () freethemallocs ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michail Litvak wrote:
> Hello Jonathan Smith! 
> 
> Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd \
> CVE-2007-5962 (Red Hat / Fedora specific)":  
> > Tomas Hoger wrote:
> > > This is just a heads-up.  We are releasing updated vsftpd packages
> > > containing a fix for a minor memory leak identified by CVE-2007-5962.
> > 
> > The memory leak itself is CVE-2007-5962? Or is the CVE for the original
> > issue where deny_hosts didn't work as expected? It doesn't seem to be
> > public.
> 
> As I understand RH released patch to fix problem with deny_file
> statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764
> 
> But introduce memory leak (CVE-2007-5962) and release package with
> fixed version of their patch.
> 
> Please correct me if I make mistake, but seems this is a typo and
> You mean deny_file, not deny_hosts.

You are correct. Someone from rPath also noticed this, but I guess I
never followed up and corrected myself on oss-security :)

	smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkiDg7wACgkQCG91qXPaRekUtACggz/IxZ1l1sgKC9KXrCM0bPT3
Ov8Anjw4sWOLNBdiy+5P0YgwE06IWVJ8
=c/61
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]