Bug 1576825 - 1.0.45 fixes isues with not accepting TLS 1.0, please upgrade
Summary: 1.0.45 fixes isues with not accepting TLS 1.0, please upgrade
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: pure-ftpd
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ondřej Lysoněk
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-10 13:10 UTC by Michael Romans
Modified: 2019-03-12 21:07 UTC (History)
7 users (show)

Fixed In Version: pure-ftpd-1.0.47-2.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-12 21:07:48 UTC
Type: Bug


Attachments (Terms of Use)

Description Michael Romans 2018-05-10 13:10:41 UTC
Description of problem:
The current version 1.0.43 does not allow you to shut off TLS 1.0 making this a security issue.  Version 1.0.45 fixes this.  Please upgrade ASAP.

Version-Release number of selected component (if applicable):
1.0.43

How reproducible:
100%

Steps to Reproduce:
1. Run it and log in with TLS v1.0
2.
3.

Actual results:


Expected results:
TLS v1.0 is considered not secure and should be shut off or allowed to be shut off.

Additional info:

Comment 1 Michael Romans 2018-05-10 13:18:37 UTC
Shutting off v1.0 is required for PCI compliance so this is a pretty big security issue.

Comment 2 Ondřej Lysoněk 2018-05-10 13:26:55 UTC
Hi, I'm one of the pure-ftpd maintainers in Fedora. I'm planning to do this, but was holding it off, because there was a regression report in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1490354

Hopefully that's resolved now, so I think I'll do the rebase (straight to 1.0.47) in the coming days.

Comment 3 Fedora Update System 2019-02-06 13:30:24 UTC
pure-ftpd-1.0.47-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315

Comment 4 Fedora Update System 2019-02-10 02:12:46 UTC
pure-ftpd-1.0.47-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315

Comment 5 Fedora Update System 2019-02-13 16:22:42 UTC
pure-ftpd-1.0.47-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315

Comment 6 Fedora Update System 2019-02-14 03:20:59 UTC
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315

Comment 7 Fedora Update System 2019-03-12 21:07:48 UTC
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.