Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3

To: Hilmar Preusse <hille42@web.de>, 946559@bugs.debian.org
Subject: Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 30 Dec 2019 21:23:22 +0000
Message-id: <[🔎] 56d65d0d8112a1f8de7d251c055f9572358b3686.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 946559@bugs.debian.org
In-reply-to: <[🔎] 157601808012.18495.4019902221521967854.reportbug@sid.showcase.amasol.de>
References: <[🔎] 157601808012.18495.4019902221521967854.reportbug@sid.showcase.amasol.de> <[🔎] 157601808012.18495.4019902221521967854.reportbug@sid.showcase.amasol.de>

Control: tags -1 + confirmed

On Tue, 2019-12-10 at 23:48 +0100, Hilmar Preusse wrote:
> te attached debdiff fixes the issues
> 
> #946345 proftpd-dfsg: CVE-2019-19269
> #946346 proftpd-dfsg: CVE-2019-19270
> 
> ...for Debian buster. I built/installed the package an Debian stable
> and could login into the server and transfer file.

+proftpd-dfsg (1.3.6-4+deb10u3) buster-security; urgency=medium

No "-security" for p-u, please.

+  * Cherry pick patch from upstream:
+     - for upstream 861 (CVE-2019-19269) (Closes: #946345)
+     - for upstream 859 (CVE-2019-19270) (Closes: #946346)
+     upstream_pull_859_861_CVE-2019-19270_CVE-2019-19269

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
  - From: Hilmar Preuße <hille42@web.de>

References:
- Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
  - From: Hilmar Preusse <hille42@web.de>

Prev by Date: Bug#942428: transition: gssdp/gupnp
Next by Date: Processed: Re: Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
Previous by thread: Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
Next by thread: Bug#946559: buster-pu: package proftpd-dfsg/1.3.6-4+deb10u3
Index(es):
- Date
- Thread