CVE-2007-6263: security vulnerability in linux-ftpd-ssl

Bug #176175 reported by Pedro Fragoso
Affects                   Status        Importance  Assigned to     Milestone
linux-ftpd-ssl (Ubuntu)   Fix Released  Wishlist    Luca Falavigna
Dapper                    Won't Fix     Medium      Unassigned
Edgy                      Won't Fix     Medium      Unassigned
Feisty                    Won't Fix     Medium      Unassigned
Gutsy                     Won't Fix     Medium      Unassigned
Hardy                     Fix Released  Wishlist    Luca Falavigna

Bug Description

Binary package hint: ftpd-ssl

   * Non-maintainer upload by the testing-security team.
   * Fix remote denial of service caused by passing an
     uninitialized file stream to fopen(). Initializing file
     with NULL and checking for NULL before calling fclose()
     fixes this (CVE-2007-6263; Closes: #454733).

http://revu.tauware.de/details.py?upid=972
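The changelog entry describes the shape of the bug and of the fix but not the code. The following is an added example, not ftpd-ssl's source: a hypothetical line-counting helper that has an early-exit path before fopen() and an unconditional fclose() in its cleanup, shown in its unsafe form and in the form the fix describes (initialize the FILE* to NULL, check for NULL before fclose()). The temporary file path and the sample content are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fdopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* "Before": fp has no initializer. On the early-exit path it still holds
   stack garbage when fclose() runs; when fopen() fails it holds NULL, and
   fclose(NULL) is undefined as well. Shown for contrast only; the demo
   below never calls it. */
int count_lines_unsafe(const char *path)
{
    FILE *fp;                         /* BUG: uninitialized */
    int lines = -1;
    int c;

    if (path == NULL || path[0] == '\0')
        goto out;                     /* fp never assigned on this path */
    fp = fopen(path, "r");
    if (fp == NULL)
        goto out;
    lines = 0;
    while ((c = fgetc(fp)) != EOF)
        if (c == '\n')
            lines++;
out:
    fclose(fp);                       /* BUG: unconditional close */
    return lines;
}

/* "After": the pattern the changelog describes. fp has a known value on
   every path and is closed only if it was actually opened. */
int count_lines_safe(const char *path)
{
    FILE *fp = NULL;                  /* FIX: initialize with NULL */
    int lines = -1;
    int c;

    if (path == NULL || path[0] == '\0')
        goto out;
    fp = fopen(path, "r");
    if (fp == NULL)
        goto out;
    lines = 0;
    while ((c = fgetc(fp)) != EOF)
        if (c == '\n')
            lines++;
out:
    if (fp != NULL)                   /* FIX: check for NULL before fclose() */
        fclose(fp);
    return lines;
}

/* Writes constructed sample data to a temporary file, counts its lines with
   the fixed function, removes the file and returns the count (3). */
int demo_count_sample(void)
{
    char tmpl[] = "/tmp/ftpd-exampleXXXXXX";               /* constructed path */
    const char *sample = "USER anonymous\nPASS guest\nQUIT\n"; /* constructed data */
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    FILE *out = fdopen(fd, "w");
    if (out == NULL) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    fputs(sample, out);
    fclose(out);
    int lines = count_lines_safe(tmpl);
    unlink(tmpl);
    return lines;
}

int main(void)
{
    printf("sample file:  %d lines\n", demo_count_sample());
    printf("missing path: %d\n", count_lines_safe("/nonexistent/ftpd-example"));
    printf("early exit:   %d\n", count_lines_safe(""));
    return 0;
}
```

The two early-return cases (empty path, nonexistent path) are exactly the ones where the unsafe version hands fclose() a garbage or NULL pointer; with the fixed version they simply return -1. A remote client that can steer the daemon down such a path gets a crash of its session process rather than anything more, which is why the advisory classifies the issue as a denial of service.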

CVE References: CVE-2007-6263

Revision history for this message
Pedro Fragoso (ember) wrote :

added bug

Changed in linux-ftpd-ssl:
assignee: nobody → dktrkranz
importance: Undecided → Wishlist
status: New → In Progress
Revision history for this message
Pedro Fragoso (ember) wrote :

Fixed changelog.

Revision history for this message
Pedro Fragoso (ember) wrote :

Also, for MOTU-SWAT, here are the diffs for the other releases for you to test.

Revision history for this message
Pedro Fragoso (ember) wrote :

Updated for all releases to follow the Security Update Procedures.

http://funeral.homeunix.org/~pmf/ftpd/

Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Your Hardy debdiff does not include previous changelog entries (I'm referring to 0.17.18+0.3-9ubuntu1 and 0.17.18+0.3-6ubuntu1). In order to avoid overlooking them, you may want to use grab-merge.sh script (http://merges.ubuntu.com/grab-merge.sh).

Regarding debdiffs for stable releases, you should adjust them:
1) Target must be {dapper,edgy,feisty,gutsy}-security
2) Version should be:
   - 0.17.18+0.3-9ubuntu1.1 for gutsy
   - 0.17.18+0.3-6ubuntu1.1 for feisty
   - 0.17.18+0.3-6ubuntu0.1 for edgy
   - 0.17.18+0.3-5ubuntu0-1 for dapper
3) Changelog entry should reflect security template
4) You must include security fix only, Standard-Version and distclean changes are not allowed.

See https://wiki.ubuntu.com/SecurityUpdateProcedures for the details. Thanks.

Changed in linux-ftpd-ssl:
assignee: dktrkranz → pmf
Revision history for this message
Pedro Fragoso (ember) wrote :

As for the other releases, those were already fixed on http://funeral.homeunix.org/~pmf/ftpd/

As for the Hardy one, I fixed the changelog and removed the standards-version and distclean changes; only the security fix and the Ubuntu changes remain.

Revision history for this message
Pedro Fragoso (ember) wrote :

Fixed the changelog and patched all releases inline.

Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Uploaded for Hardy, thanks!

Changed in linux-ftpd-ssl:
assignee: pmf → dktrkranz
status: In Progress → Fix Committed
Revision history for this message
Pedro Fragoso (ember) wrote :

linux-ftpd-ssl (0.17.18+0.3-9.1ubuntu1) hardy; urgency=low

   * Merge from Debian unstable (LP: #176175). Remaining Ubuntu changes:
     - debian/control: Add update-inetd to ftpd-ssl's dependencies
     - debian/control: Add openbsd-inetd | inet-superserver dependencies
                       as ftpd-ssl needs an inet server to work
     - Modify Maintainer value to match Debian-Maintainer-Field Spec
   * Bump Standards-Version to 3.7.3
   * Updated lintian warnings (distclean)

linux-ftpd-ssl (0.17.18+0.3-9.1) unstable; urgency=high

  * Non-maintainer upload by the testing-security team.
  * Fix remote denial of service caused by passing an
    uninitialized file stream to fopen(). Initializing file
    with NULL and checking for NULL before calling fclose()
    fixes this (CVE-2007-6263; Closes: #454733).

 -- Pedro Fragoso <email address hidden> Thu, 13 Dec 2007 16:50:47 +0000

Changed in linux-ftpd-ssl:
status: Fix Committed → Fix Released
Changed in linux-ftpd-ssl:
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in linux-ftpd-ssl:
status: Confirmed → Won't Fix
Revision history for this message
LumpyCustard (orangelumpycustard) wrote :

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in linux-ftpd-ssl:
status: Confirmed → Won't Fix
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in linux-ftpd-ssl (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Changed in linux-ftpd-ssl (Ubuntu Dapper):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.
