Bug#1060417: marked as done (bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u3)

To: Jonathan Wiltshire <jmw@coccia.debian.org>
Subject: Bug#1060417: marked as done (bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u3)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 10 Feb 2024 13:16:08 +0000
Message-id: <[🔎] handler.1060417.D1060417.1707570685683973.ackdone@bugs.debian.org>
Reply-to: 1060417@bugs.debian.org
References: <E1rYn8b-002yau-57@coccia.debian.org> <ZZ8i45vRkX-XUhJz@rasppi1.fritz.box>

Your message dated Sat, 10 Feb 2024 13:11:21 +0000
with message-id <E1rYn8b-002yau-57@coccia.debian.org>
and subject line Released with 12.5
has caused the Debian Bug report #1060417,
regarding bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1060417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060417
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u3
From: Hilmar Preusse <hille42@web.de>
Date: Thu, 11 Jan 2024 00:06:11 +0100
Message-id: <ZZ8i45vRkX-XUhJz@rasppi1.fritz.box>

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: proftpd-dfsg@packages.debian.org
Control: affects -1 + src:proftpd-dfsg

[Reason]
The version currently in Debian stable suffers from two
different security issues:
- CVE-2023-48795 (Terrapin attack)
- CVE-2023-51713 one-byte out-of-bounds read, and daemon
  crash, because of mishandling of quote/backslash semantics

[ Impact ]
Proftp further suffers from the described security issues.

[ Tests ]
The upstream source package provides a test suite, which
is still running fine after applying the patch.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
- Patch for CVE-2023-48795 (copied from upstream's repo)
- Patch for CVE-2023-51713 (copied from upstream's repo)

-- 
sigmentation fault

Attachment: proftpd-dfsg_1.3.8+dfsg-4+deb12u3.debdiff.xz
Description: application/xz

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 1060417-done@bugs.debian.org

Subject: Released with 12.5

From: Jonathan Wiltshire <jmw@coccia.debian.org>

Date: Sat, 10 Feb 2024 13:11:21 +0000

Message-id: <E1rYn8b-002yau-57@coccia.debian.org>
Version: 12.5

The upload requested in this bug has been released as part of 12.5.
--- End Message ---

Reply to:

Prev by Date: Bug#1060122: marked as done (bookworm-pu: package atril/1.26.0-2+deb12u1)
Next by Date: Bug#1060129: marked as done (bookworm-pu: package libmateweather/1.26.0-1.1+deb12u2)
Previous by thread: Bug#1060122: marked as done (bookworm-pu: package atril/1.26.0-2+deb12u1)
Next by thread: Bug#1060129: marked as done (bookworm-pu: package libmateweather/1.26.0-1.1+deb12u2)
Index(es):
- Date
- Thread