Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552254 - <net-ftp/pure-ftpd-1.0.40: user session handler process can be crashed by too long path pattern
Summary: <net-ftp/pure-ftpd-1.0.40: user session handler process can be crashed by too...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 546756
Blocks:
  Show dependency tree
 
Reported: 2015-06-16 07:48 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified: 2015-11-09 21:52 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-06-16 07:48:50 UTC 
From the NEWS file:

 - The process handling a user session could be crashed by trying to
match a file pattern longer than the maximum length for a path. This
has been fixed. Upgrading is recommended.


Arches please test and mark stable =net-ftp/pure-ftpd-1.0.40 with target KEYWORDS:

alpha amd64 arm hppa ia64 ppc ppc64 sparc x86


@ alpha and sparc teams:
You also need to fix bug #546756 in order to get this release keyworded. Please do so.
Comment 1 Agostino Sarubbo gentoo-dev 2015-06-16 15:17:51 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2015-06-16 15:18:05 UTC 
x86 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-06-20 05:42:00 UTC 
Stable for HPPA PPC64.
Comment 4 Markus Meier gentoo-dev 2015-06-21 10:39:29 UTC 
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-06-24 09:01:48 UTC 
ppc stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-07-03 08:28:22 UTC 
alpha stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-07-03 08:29:02 UTC 
sparc stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 16:26:00 UTC 
ia64 stable

Cleanup, please!

GLSA vote: no.
Comment 9 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-08-30 13:20:20 UTC 
Sorry guys, already cleaned up a couple of weeks ago.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2015-11-09 21:52:11 UTC 
Vote: no. Closing NOGLSA.