[Pkg-erlang-devel] Bug#738132: CVE-2014-1693

Sergei Golovan sgolovan at nes.ru
Sat Feb 8 07:06:33 UTC 2014


Hi Moritz,

On Sat, Feb 8, 2014 at 10:01 AM, Sergei Golovan <sgolovan at nes.ru> wrote:
> Hi Moritz!
>
> On Sat, Feb 8, 2014 at 2:52 AM, Moritz Muehlenhoff <jmm at debian.org> wrote:
>>
>> Hi,
>> please see http://seclists.org/oss-sec/2014/q1/163 for details.
>>
>> This doesn't warrant a DSA, but can be fixed in a point update.
>
> As far as I can see this bug is already reported upstream, but still
> isn't fixed in GIT. I'll try to prepare a fix myself.

Looking further, I'm not sure now if it's a security bug at all. It's
a bug in a client, which accidentally may send several commands into
the FTP control socket at once instead of one. I wonder why it got a CVE
number?

Cheers!
-- 
Sergei Golovan


