Accepted proftpd-dfsg 1.3.1-17lenny2~bpo40+1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 9 Mar 2009 21:35:05 +0100
Source: proftpd-dfsg
Binary: proftpd-mod-mysql proftpd proftpd-basic proftpd-mod-pgsql proftpd-mod-ldap proftpd-doc
Architecture: source i386 all
Version: 1.3.1-17lenny2~bpo40+1
Distribution: etch-backports
Urgency: high
Maintainer: frankie@debian.org
Changed-By: Francesco Paolo Lovergine <frankie@debian.org>
Description:
proftpd - versatile, virtual-hosting FTP daemon
proftpd-basic - versatile, virtual-hosting FTP daemon - binaries
proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
proftpd-mod-ldap - versatile, virtual-hosting FTP daemon - LDAP module
proftpd-mod-mysql - versatile, virtual-hosting FTP daemon - MySQL module
proftpd-mod-pgsql - versatile, virtual-hosting FTP daemon - PostgreSQL module
Closes: 503274 516388
Changes:
proftpd-dfsg (1.3.1-17lenny2~bpo40+1) etch-backports; urgency=low
.
* Backported to etch due to multiple security fixes.
.
proftpd-dfsg (1.3.1-17lenny2) stable; urgency=low
.
* Fixed 3173.dpatch to use pr_utf8_get_encoding() (supported in 1.3.1) instead of
pr_encode_get_encoding() supported in 1.3.2.
.
proftpd-dfsg (1.3.1-17lenny1) stable; urgency=low
.
* Security: added 3124.dpatch patch to manage another SQL injection due to % variable
substitution in user/group names. This is fixed in 1.3.2. This is CVE-2009-0542.
* Security: added 3173fix.dpatch to use PQescapeStringConn() instead of the
deprecated PQescapeString(), which does not honour the encoding.
This is referred to the previous fix of #3173 aka CVE-2009-0543.
(closes: #516388)
* Added 3176.dpatch to manage correctly postgres-specific charset names introduced
in patch 3173.dpatch.
.
proftpd-dfsg (1.3.1-17) unstable; urgency=high
.
* Security: added 3173.dpatch patch to manage a critical encoding-dependent SQL
injection with SQL-based authentication.
See http://bugs.proftpd.org/show_bug.cgi?id=3173. This is fixed in 1.3.2.
Thanks TJ for backported patch.
* Now debian/rules removes at cleaning time a couple of .la files
under contrib/ still around after building. This fixes a recently discovered
FTBS error due to those files.
.
proftpd-dfsg (1.3.1-16) unstable; urgency=low
.
* Enabled nls support to allow alternative encodings to work.
(closes: #503274)
Files:
71931680885920380b61c4e2c5d22e96 914 net optional proftpd-dfsg_1.3.1-17lenny2~bpo40+1.dsc
a4357d03283a8a29eff81b69ab04de21 101044 net optional proftpd-dfsg_1.3.1-17lenny2~bpo40+1.diff.gz
ea20ee7eec45a306ca83b9edf642fa43 694734 net optional proftpd-basic_1.3.1-17lenny2~bpo40+1_i386.deb
4ff86558fc8dd1c2b058418cfe2d38c8 203232 net optional proftpd-mod-mysql_1.3.1-17lenny2~bpo40+1_i386.deb
323d30dea2229caf8b56e8ebf847a2d2 203214 net optional proftpd-mod-pgsql_1.3.1-17lenny2~bpo40+1_i386.deb
634a283fdb7edac7e7156147124de564 213190 net optional proftpd-mod-ldap_1.3.1-17lenny2~bpo40+1_i386.deb
3143674304be1acda5545300d32582d7 194998 net optional proftpd_1.3.1-17lenny2~bpo40+1_all.deb
0ea1d392dcc3d8026f247293dcc1ba66 1256466 doc optional proftpd-doc_1.3.1-17lenny2~bpo40+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkm1kaQACgkQpFNRmenyx0eX4ACXeDf5vPG6KXmb2Wy1GA1OuBSF
CACfaqLJjwshcpq8AhGBChyq/H5agK8=
=eJs1
-----END PGP SIGNATURE-----
Accepted:
proftpd-basic_1.3.1-17lenny2~bpo40+1_i386.deb
to pool/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2~bpo40+1_i386.deb
proftpd-dfsg_1.3.1-17lenny2~bpo40+1.diff.gz
to pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny2~bpo40+1.diff.gz
proftpd-dfsg_1.3.1-17lenny2~bpo40+1.dsc
to pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny2~bpo40+1.dsc
proftpd-doc_1.3.1-17lenny2~bpo40+1_all.deb
to pool/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny2~bpo40+1_all.deb
proftpd-mod-ldap_1.3.1-17lenny2~bpo40+1_i386.deb
to pool/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2~bpo40+1_i386.deb
proftpd-mod-mysql_1.3.1-17lenny2~bpo40+1_i386.deb
to pool/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2~bpo40+1_i386.deb
proftpd-mod-pgsql_1.3.1-17lenny2~bpo40+1_i386.deb
to pool/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2~bpo40+1_i386.deb
proftpd_1.3.1-17lenny2~bpo40+1_all.deb
to pool/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny2~bpo40+1_all.deb
Reply to: