From akeithle at gmail.com  Wed Jul  9 16:36:36 2008
From: akeithle at gmail.com (Anne-Marie)
Date: Wed, 9 Jul 2008 11:36:36 -0500
Subject: Need Information Rergading US CERT VU#800113
Message-ID: <ffee8e6c0807090936g4b56c0e4m3b56a8ab056adef@mail.gmail.com>

Hello,

Could you confirm whether VU#800113 affects Fedora?  The announcement
for the Multiple DNS implementations vulnerable to cache poisoning is
located at http://www.kb.cert.org/vuls/id/800113.

Thank you for your help,

Anne-Marie Keithley



From bressers at redhat.com  Wed Jul  9 17:54:54 2008
From: bressers at redhat.com (Josh Bressers)
Date: Wed, 09 Jul 2008 13:54:54 -0400
Subject: Need Information Rergading US CERT VU#800113
In-Reply-To: <ffee8e6c0807091046v2a657dbft1cec83e71121bd3@mail.gmail.com>
References: <ffee8e6c0807090936g4b56c0e4m3b56a8ab056adef@mail.gmail.com>
	<478.1215625380@devserv.devel.redhat.com>
	<ffee8e6c0807091046v2a657dbft1cec83e71121bd3@mail.gmail.com>
Message-ID: <975.1215626094@devserv.devel.redhat.com>

On 9 July 2008, Anne-Marie wrote:
> That's wonderful!  Thank you Josh.  I understand only releases prior
> to Fedora 8 will need to be patched.  Is this correct?
> 
> Thank you again for your help,
> 

No, all versions of bind need to be patched, as bind will get a random UDP
port from the kernel, but reuse it for subsequent queries.

-- 
    JB



From bugzilla at redhat.com  Wed Jul 30 20:09:52 2008
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 Jul 2008 16:09:52 -0400
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To: <bug-237533-199382@bugzilla.redhat.com>
Message-ID: <200807302009.m6UK9qci003017@bz-web1.app.phx.redhat.com>

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533





------- Additional Comments From updates at fedoraproject.org  2008-07-30 16:09 EST -------
proftpd-1.3.1-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.