
Security update: proftpd-dfsg 1.3.1-17 (resent)



I did not receive any answer about this question (probably because I erroneously 
followed-up another thread). Sorry for the noise...



Hi RMs and security teams

I just uploaded a new version of proftpd-dfsg on sid fixing a recently
discovered security issue. After some discussion with TJ (proftpd PM),
the problem is not of interest for 1.3.0 (etch version) because it lacks
relevant code present in successive versions. At the same time, I found
a libtool-related problem due to an incomplete cleaning of working
files, which causes a FTBS in 1.3.1-16 with current libtool.

Relevant changelog:

proftpd-dfsg (1.3.1-17) unstable; urgency=high
.
 * Security: added 3173.dpatch patch to manage a critical encoding-dependent SQL
   injection with SQL-based authentication.
   See http://bugs.proftpd.org/show_bug.cgi?id=3173. This is fixed in 1.3.2.
   Thanks TJ for backported patch.
 * Now debian/rules removes at cleaning time a couple of .la files
   under contrib/ still around after building. This fixes a recently discovered
   FTBS error due to those files.

Cheers.

PS: No CVE code is assigned to my knowledge at this time.

-- 
Francesco P. Lovergine
