234464 – net-ftp/filezilla-3.1.1 version bump

Bug 234464 - net-ftp/filezilla-3.1.1 version bump

Summary: net-ftp/filezilla-3.1.1 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Bernard Cafarelli

URL:	http://filezilla-project.org
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-11 13:55 UTC by Marco Leogrande
Modified:	2008-08-13 09:07 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marco Leogrande 2008-08-11 13:55:03 UTC

The version 3.1.1 of net-ftp/filezilla has been released yesterday.
I know that I should wait at least 48 hours before filing the bug and choose the 'enhancement' severity, but the latest version of the package present in Portage (3.1.0) is (somewhat) vulnerable. The homepage of the software claims that an attacker could cause a SSL/TLS'd connection to close (if I understand correctly), and states that all versions <3.1.0.1 are affected.

Btw, I just renamed the latest ebuild and the package compiles and runs successfully.

Comment 1 Bernard Cafarelli gentoo-dev

2008-08-13 09:07:55 UTC

Why do they always choose to find those bugs when I'm on holidays? ;)

Thanks for the report, I've bumped to 3.1.1.1 (fixes a possible crash), and removed older ~arch ebuilds.