Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 248458 - =net-ftp/vsftpd-2.0.7-r1 stable request
Summary: =net-ftp/vsftpd-2.0.7-r1 stable request
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL: http://scarybeastsecurity.blogspot.co...
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2008-11-23 19:10 UTC by kfm
Modified: 2009-02-24 15:24 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description kfm 2008-11-23 19:10:45 UTC 
I'm not sure if this actually qualifies as a security bug so I'm assigning to the security herd to make that judgement (and also because the package has no maintainer). More information on the issue can be found here:

http://scarybeastsecurity.blogspot.com/2008/07/on-ftp-ssl-and-broken-interfaces.html
http://forum.filezilla-project.org/viewtopic.php?f=2&t=7580

Thus, I'd very much appreciate it if vsftpd-2.0.7 were to be keyworded stable. Copying in the relevant arches to that effect.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-11-23 19:35:05 UTC 
This is not a security issue, as the worst impact is a client-side DoS. You can easily restart the transfer once it failed.

The 2.0.7 ebuild is in the tree long enough, but there's still bug 234278 and bug 241720 that are confirmed on 2.0.7.

Raul, you bumped the package the last few times. Any opinion?
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-12-26 16:57:25 UTC 
Please do
Comment 3 Brent Baude (RETIRED) gentoo-dev 2008-12-27 18:54:16 UTC 
ppc64 stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-28 17:25:26 UTC 
ppc stable
Comment 5 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-31 00:11:46 UTC 
sparc stable
Comment 6 Dawid Węgliński (RETIRED) gentoo-dev 2009-01-02 23:41:22 UTC 
amd64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-01-07 18:57:58 UTC 
alpha/ia64/x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-02-24 15:24:25 UTC 
arm/s390/sh stable, closing