Bug 358375 - <net-ftp/pure-ftpd-1.0.30 possible plaintext command injection in STARTTLS (CVE-2011-1575)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Reported: 2011-03-11 11:04 UTC by Lars Wendler (Polynomial-C)
Modified: 2011-10-26 20:49 UTC
Description Lars Wendler (Polynomial-C) gentoo-dev 2011-03-11 11:04:57 UTC
pure-ftpd-1.0.30 was released containing the following line in its ChangeLog file:

 - Empty the command-line buffer after switching to TLS. Fixes a flaw similar to Postfix's CVE-2011-0411.

pure-ftpd-1.0.30 is in the tree and should be ready for stabilization.
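
The flaw class named in the ChangeLog entry above, as an added example that is not part of the bug report and is not pure-ftpd's code: when `AUTH TLS` (the FTP form of STARTTLS) and a following line arrive in the same plaintext read, the second line stays buffered across the handshake unless the buffer is emptied. The struct, the function names and the sample bytes are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical command reader state; names are illustrative, not pure-ftpd's. */
struct cmdbuf {
    const char *data;  /* bytes already read from the plaintext socket */
    size_t len, pos;   /* bytes buffered / next unread byte */
};

/* Copy the next CRLF-terminated line into out; return 1 if one was buffered. */
static int next_line(struct cmdbuf *b, char *out, size_t outsz)
{
    for (size_t i = b->pos; i + 1 < b->len; i++) {
        if (b->data[i] != '\r' || b->data[i + 1] != '\n')
            continue;
        size_t n = i - b->pos;
        if (n >= outsz)
            n = outsz - 1;
        memcpy(out, b->data + b->pos, n);
        out[n] = '\0';
        b->pos = i + 2;
        return 1;
    }
    return 0;
}

/* Drain one plaintext read(). Returns how many lines received before the
 * handshake were still handled after the session switched to TLS. */
int plaintext_cmds_run_after_tls(const char *wire, int flush_on_tls)
{
    struct cmdbuf b = { wire, strlen(wire), 0 };
    char line[128];
    int tls_active = 0, leaked = 0;
    while (next_line(&b, line, sizeof line)) {
        if (tls_active) {
            leaked++;               /* stale plaintext treated as protected input */
        } else if (strcmp(line, "AUTH TLS") == 0) {
            tls_active = 1;         /* the TLS handshake would run here */
            if (flush_on_tls)
                b.len = b.pos = 0;  /* the fix: discard everything buffered before TLS */
        }
    }
    return leaked;
}

int main(void)
{
    const char *wire = "AUTH TLS\r\nNOOP\r\n";  /* constructed sample: one read(), two lines */
    printf("no flush: %d, flush: %d\n", plaintext_cmds_run_after_tls(wire, 0), plaintext_cmds_run_after_tls(wire, 1));
    return 0;
}
```
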
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2011-03-11 14:35:11 UTC
Arches please test and mark stable =net-ftp/pure-ftpd-1.0.30

Target keywords are: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2011-03-11 19:13:22 UTC
amd64 done
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2011-03-12 14:04:06 UTC
Stable on alpha.
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-13 09:34:00 UTC
x86 stable
Comment 5 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-13 11:35:59 UTC
ppc/ppc64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-15 15:38:42 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2011-03-18 17:33:56 UTC
arm/ia64/sparc stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-03-19 22:43:25 UTC
Thanks, folks. GLSA Vote: yes.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:31:24 UTC
Vote: YES. New GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2011-10-26 20:49:43 UTC
This issue was resolved and addressed in
 GLSA 201110-25 at http://security.gentoo.org/glsa/glsa-201110-25.xml
by GLSA coordinator Tim Sammut (underling).