Ubuntu
globus-gridftp-server-control package

CVE-2012-3292

Bug #1027323 reported by Mattias Ellert on 2012-07-21

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	globus-gridftp-server-control (Ubuntu)	Fix Released	Undecided	Unassigned
	Lucid	Fix Released	Undecided	Unassigned
	Natty	Fix Released	Undecided	Unassigned
	Oneiric	Fix Released	Undecided	Unassigned
	Precise	Fix Released	Undecided	Unassigned

Bug Description

The CVE has been fixed in the latest debian version (2.5-2) that is imported to quantal.

The fix needs to be backported to the other supported releases: lucid, natty, oneiric and precise.

See original description

Related branches

lp:ubuntu/lucid-security/globus-gridftp-server-control

lp:ubuntu/natty-security/globus-gridftp-server-control

lp:ubuntu/oneiric-security/globus-gridftp-server-control

lp:ubuntu/precise-security/globus-gridftp-server-control

CVE References

2012-3292

Revision history for this message

Mattias Ellert (mattias-ellert-fysast) wrote on 2012-07-21:

#1

debdiff for lucid Edit (1.9 KiB, text/plain)

Revision history for this message

Mattias Ellert (mattias-ellert-fysast) wrote on 2012-07-21:

#2

debdiff for natty Edit (2.5 KiB, text/plain)

Revision history for this message

Mattias Ellert (mattias-ellert-fysast) wrote on 2012-07-21:

#3

debdiff for oneiric Edit (2.4 KiB, text/plain)

Revision history for this message

Mattias Ellert (mattias-ellert-fysast) wrote on 2012-07-21:

#4

debdiff for precise Edit (2.3 KiB, text/plain)

Mattias Ellert (mattias-ellert-fysast) on 2012-07-21

description:

updated

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2012-07-27:

#5

Thanks, Mattias! Please see the instructions for contributors that need security sponsoring here:

https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors

I'll subscribe the ubuntu-security-sponsors team and get you in the queue.

Changed in globus-gridftp-server-control (Ubuntu):
status:	New → Confirmed
visibility:	private → public

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2012-08-02:

#6

Hi Mattias - Can you comment on the amount of testing that you've done? Thanks!

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-08-20:

#7

ACK. Patch is simple and matches upstream. Thanks!

Changed in globus-gridftp-server-control (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-08-20:

#8

This bug was fixed in the package globus-gridftp-server-control - 2.3-1ubuntu0.1

---------------
globus-gridftp-server-control (2.3-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
-- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:57:32 +0200

Changed in globus-gridftp-server-control (Ubuntu Precise):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-08-20:

#9

This bug was fixed in the package globus-gridftp-server-control - 0.36-1ubuntu0.1

---------------
globus-gridftp-server-control (0.36-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
-- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:11:28 +0200

Changed in globus-gridftp-server-control (Ubuntu Lucid):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-08-20:

#10

This bug was fixed in the package globus-gridftp-server-control - 0.43-1ubuntu0.1

---------------
globus-gridftp-server-control (0.43-1ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
-- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 07:20:20 +0200

Changed in globus-gridftp-server-control (Ubuntu Natty):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-08-20:

#11

This bug was fixed in the package globus-gridftp-server-control - 0.46-1ubuntu0.1

---------------
globus-gridftp-server-control (0.46-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Wrong user mapping on badly configured server
    (LP: #1027323)
    - debian/patches/globus-gridftp-server-control-pw195.patch: backported
      from upstream
    - CVE-2012-3292
-- Mattias Ellert <email address hidden> Thu, 19 Jul 2012 16:41:24 +0200

Changed in globus-gridftp-server-control (Ubuntu Oneiric):
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.