
SECURITY: please hint proftpd-dfsg 1.3.0-17 for etch.



On Thu, Dec 14, 2006 at 10:06:36AM +0100, Francesco P. Lovergine wrote:
> On Thu, Dec 14, 2006 at 09:00:18AM +0100, Moritz Muehlenhoff wrote:
> > Hi,
> > http://www.coresecurity.com/?module=ContentMod&action=item&id=1594
> > It appears as if proftpd in stable is not affected, as the default
> > seems to be to build w/o ctrls support and I haven't found a 
> > configure flag to enable it. Can you confirm?
> > 
> > Cheers,
> >         Moritz
> 
> mod_cntrl is available in 1.3.0+ and the module is indeed loaded statically, 
> I'm looking better into the issue. So sarge is NOT affected, at least.
> 

Just one more patch:

proftpd-dfsg (1.3.0-17) unstable; urgency=high

  * SECURITY: ProFTPD Controls Buffer Overflow, locally exploitable. This is fixed in 1.3.1.
    New patch CORE-2006-1127 added.
    See http://www.coresecurity.com/?module=ContentMod&action=item&id=1594
    and http://bugs.proftpd.org/show_bug.cgi?id=2867 for reference.

and thanks for all the fish :)

-- 
Francesco P. Lovergine
