Bug 152908
Summary: | gftp: Directory traversal vulnerability (CAN-2005-0372) | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | David Eisenstein <deisenst> |
Component: | gftp | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | pekkas |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372 | ||
Whiteboard: | 1, LEGACY, QA, rh73, rh90 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-10 21:28:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Lawrence
2005-03-30 23:31:43 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh - source integrity good - spec file changes minimal - the changes are identical to debian's patch, some version specific tuning was needed, though. +PUBLISH RHL73,RHL9,FC1 0a45ce107dae5a1035941a17eeb37dbb36d4acde gftp-2.0.11-2.1.legacy.src.rpm a68107e8f49cbac4e82c3b6a1fbc62d745bfacc6 gftp-2.0.14-2.1.legacy.src.rpm 2a69616570fd7b6391b28637fa6cc49487e8cfde gftp-2.0.17-0.FC1.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCYTbHGHbTkzxSL7QRAtw5AJ9VAHiQLeP+xE7yUfhAh5gqWtDp6wCgwG8M OpsSlBu0VchL+HRqRgj428s= =LPwO -----END PGP SIGNATURE----- Packages were pushed to updates-testing Tested on RHL9; signature OK, upgrade went well, gftp seemed to work OK after the upgrade. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RHL73 package verify. Signature OK, basic file transfer seems to work with both graphical and text client. +VERIFY RHL73 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCnA9bGHbTkzxSL7QRAocwAKDARVekWqHE9im/crlMMcJOBy7oNACghbW1 HBJrnYSO/vNKEKxJnRIU86o= =MoRB -----END PGP SIGNATURE----- 2 verifys, timeout is two weeks. Timeout over, to be released. Packages were officially released. |