Accepted proftpd-dfsg 1.3.8+dfsg-4+deb12u3 (source) into proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 09 Jan 2024 21:52:35 +0000
Source: proftpd-dfsg
Architecture: source
Version: 1.3.8+dfsg-4+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
Changed-By: Hilmar Preusse <hille42@web.de>
Changes:
proftpd-dfsg (1.3.8+dfsg-4+deb12u3) bookworm; urgency=medium
.
* Add patch for Terrapin attack (CVE-2023-48795).
* make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte
out-of-bounds read, and daemon crash, because of mishandling of
quote/backslash semantics (CVE-2023-51713).
Checksums-Sha1:
d7c9b2fbfbe5ec2a569c570c4b7d6ce9340c6656 3433 proftpd-dfsg_1.3.8+dfsg-4+deb12u3.dsc
a0ef445d6d058717abd55747ec858574438430ca 86684 proftpd-dfsg_1.3.8+dfsg-4+deb12u3.debian.tar.xz
c5c3f7d718840382aacaaaad7b4e665cf7f8e16d 6089 proftpd-dfsg_1.3.8+dfsg-4+deb12u3_source.buildinfo
Checksums-Sha256:
092d38197a242578ea863963a0a6367faf29739efa80fcce0b40b416a1a95d00 3433 proftpd-dfsg_1.3.8+dfsg-4+deb12u3.dsc
5d37ce8fbd00c7480d6dbff1fba4859a483698b58e4a81a99108de539a323a14 86684 proftpd-dfsg_1.3.8+dfsg-4+deb12u3.debian.tar.xz
ff4a43a6874ba7ac51bb1463c4bd0ec823129d70ccaa1d17c53f9018ae694786 6089 proftpd-dfsg_1.3.8+dfsg-4+deb12u3_source.buildinfo
Files:
3c657bb26b9a2f749d6f24c1a240b4fc 3433 net optional proftpd-dfsg_1.3.8+dfsg-4+deb12u3.dsc
49eef686d09dd3e4fa1b2bf0e446274d 86684 net optional proftpd-dfsg_1.3.8+dfsg-4+deb12u3.debian.tar.xz
e7a517950fa463347c318cd115dffa10 6089 net optional proftpd-dfsg_1.3.8+dfsg-4+deb12u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEaXGmC/nkbIhxf16kxiZYRqvgLIsFAmWdwNNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY5
NzFBNjBCRjlFNDZDODg3MTdGNUVBNEM2MjY1ODQ2QUJFMDJDOEIACgkQxiZYRqvg
LIuSCQ//fLqVTvEsFyZBkHNUgRH7UHJ+6MRFw60siDH5UfNGr5deDI09KebNhX83
ZzkNV8m6qJqrAgyqJ8nAGPsfB6R70G2cuQHze+e2D7rMiZdoo0nVnMU80O72j/Kw
bJoHQRbr3P89pa9kWtabOPPU8o4cpCDoJM4jJXK8lmwXd4TJOJBOQmkNlCiN0ecf
HD3jel5/kwor9ElVBQ6kj3CHFGlmkOVe3gYqCcy0ewNp4U/Avci7B7kPKuowiO8a
nriZ7gx2rPwKpiuq9vzf94D5C1uLxvLugSbi9/q5fIubSjLY3VWKMMGmEk03ML/X
plbaeJKyMS5gxH+QdHFPEHSfYif/i9ACu+PA2Ud5RY8YTleFLmTPX+9HouPxoLCT
S+oCwQx/y8dFMyxeKmJwbsNtuzyLydMu5kbMgcjhSOw9ak3zFm0WEVH+ZP65sjE+
G/q/d3Ei7/0G0ozLmD7AOdUtJgZf9mD1L40lLLw+g9WgPD7GWzBOqlytAqRztmGC
rEGEP7j3mLI0ZroflLlYigMROacCzI9AHGb9v+snOtzFjygLlv2aXSvwJeSP4ggk
OIuIkqhuFeTXlaT85EaIWeI8G/zZjaCETeUnPUbgHL84NfXfgV69tlo6b8I4g0ga
1HffPihe3OTWZrIIUBxNcJ2J3DlB9BxThGC4SvtW/aEHIojZqgs=
=2qpc
-----END PGP SIGNATURE-----
Reply to: