CVE-2012-3292

Bug #1027323 reported by Mattias Ellert
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
globus-gridftp-server-control (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

The CVE has been fixed in the latest debian version (2.5-2) that is imported to quantal.

The fix needs to be backported to the other supported releases: lucid, natty, oneiric and precise.

Revision history for this message
Mattias Ellert (mattias-ellert-fysast) wrote :
Revision history for this message
Mattias Ellert (mattias-ellert-fysast) wrote :
Revision history for this message
Mattias Ellert (mattias-ellert-fysast) wrote :
Revision history for this message
Mattias Ellert (mattias-ellert-fysast) wrote :
description: updated
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Thanks, Mattias! Please see the instructions for contributors that need security sponsoring here:

https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors

I'll subscribe the ubuntu-security-sponsors team and get you in the queue.

Changed in globus-gridftp-server-control (Ubuntu):
status: New → Confirmed
visibility: private → public
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Hi Mattias - Can you comment on the amount of testing that you've done? Thanks!

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

ACK. Patch is simple and matches upstream. Thanks!

Changed in globus-gridftp-server-control (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package globus-gridftp-server-control - 2.3-1ubuntu0.1

---------------
globus-gridftp-server-control (2.3-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
 -- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:57:32 +0200

Changed in globus-gridftp-server-control (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package globus-gridftp-server-control - 0.36-1ubuntu0.1

---------------
globus-gridftp-server-control (0.36-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
 -- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:11:28 +0200

Changed in globus-gridftp-server-control (Ubuntu Lucid):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package globus-gridftp-server-control - 0.43-1ubuntu0.1

---------------
globus-gridftp-server-control (0.43-1ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
 -- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 07:20:20 +0200

Changed in globus-gridftp-server-control (Ubuntu Natty):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package globus-gridftp-server-control - 0.46-1ubuntu0.1

---------------
globus-gridftp-server-control (0.46-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
 -- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:41:24 +0200

Changed in globus-gridftp-server-control (Ubuntu Oneiric):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers