Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533 matthias(a)rpmforge.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From matthias(a)rpmforge.net 2007-06-15 11:41 EST ------- Still no backport of the patch to the stable 1.3.0a release. It's pretty annoying, since the patch against the latest RC doesn't apply cleanly because of variable name changes. I tried to backport it, but the risk in _me_ doing so is just too high. I really don't understand how/why projects decide to not provide security patches for what they consider to be the current stable release... I'm going to push new proftpd packages anyway, to fix bug #244168 but not this bug, unfortunately :-( -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=237533 kevin(a)tummy.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kevin(a)tummy.com ------- Additional Comments From kevin(a)tummy.com 2007-09-13 20:11 EST ------- Any further news here? Also, if the 1.3.1rc3 is working fine in devel, would you consider pushing to epel? or is it too disruptive going from 1.3.0a to 1.3.1rc3? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=237533 ------- Additional Comments From matthias(a)rpmforge.net 2007-10-22 10:37 EST ------- I've had no reports of any problems with 1.3.1, so I'll push it in F-7 testing updates. If everything looks good once it's there, then it should be possible to push it to stable. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=237533 ------- Additional Comments From updates(a)fedoraproject.org 2007-11-05 10:10 EST ------- proftpd-1.3.1-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=237533 lkundrak(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |ASSIGNED Keywords| |Reopened Resolution|ERRATA | Version|fc6 |f8test3 ------- Additional Comments From lkundrak(a)redhat.com 2007-11-05 10:57 EST ------- Reopening for Werewolf. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability Alias: CVE-2007-2165 https://bugzilla.redhat.com/show_bug.cgi?id=237533 lkundrak(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |367431 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability Alias: CVE-2007-2165 https://bugzilla.redhat.com/show_bug.cgi?id=237533 lkundrak(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |367431 Bug 237533 depends on bug 367431, which changed state. Bug 367431 Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=367431 What |Old Value |New Value ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |NOTABUG -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability Alias: CVE-2007-2165 https://bugzilla.redhat.com/show_bug.cgi?id=237533 bugzilla(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Version|f8test3 |8 ------- Additional Comments From matthias(a)rpmforge.net 2008-02-03 12:37 EST ------- I'm confused. The package in F-7 updates has been newer than that one in F-8 for ages, and I haven't received any nag mails about it. Still they're all 1.3.1, so the security fix is included. Nevertheless, I'll be pushing 1.3.1-3 as an F-8 update. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability Alias: CVE-2007-2165 https://bugzilla.redhat.com/show_bug.cgi?id=237533 ------- Additional Comments From matthias(a)rpmforge.net 2008-02-03 12:47 EST ------- (In reply to comment #10) Ouch, you're absolutely right! I'll do that now. I still can't reproduce the EL-4 build failure from bug #250223 on my machine, so I think I'll give up on EL-4 proftpd, though. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability Alias: CVE-2007-2165 https://bugzilla.redhat.com/show_bug.cgi?id=237533 ------- Additional Comments From updates(a)fedoraproject.org 2008-07-30 16:09 EST ------- proftpd-1.3.1-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.