Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 234464

Summary: net-ftp/filezilla-3.1.1 version bump
Product: Gentoo Linux Reporter: Marco Leogrande <dark.knight.ita>
Component: New packagesAssignee: Bernard Cafarelli <voyageur>
Status: RESOLVED FIXED    
Severity: enhancement CC: jsin
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://filezilla-project.org
Whiteboard:
Package list:
Runtime testing required: ---

Description Marco Leogrande 2008-08-11 13:55:03 UTC
The version 3.1.1 of net-ftp/filezilla has been released yesterday.
I know that I should wait at least 48 hours before filing the bug and choose the 'enhancement' severity, but the latest version of the package present in Portage (3.1.0) is (somewhat) vulnerable. The homepage of the software claims that an attacker could cause a SSL/TLS'd connection to close (if I understand correctly), and states that all versions <3.1.0.1 are affected.

Btw, I just renamed the latest ebuild and the package compiles and runs successfully.
Comment 1 Bernard Cafarelli gentoo-dev 2008-08-13 09:07:55 UTC
Why do they always choose to find those bugs when I'm on holidays? ;)

Thanks for the report, I've bumped to 3.1.1.1 (fixes a possible crash), and removed older ~arch ebuilds.