Bug 49968 - proftpd-dfsg: Multiple issues (4.4)
proftpd-dfsg: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-1-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-06 18:19 CEST by Quality Assurance
Modified: 2019-08-07 15:44 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) NVD


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2019-08-06 18:19:44 CEST
New Debian proftpd-dfsg 1.3.5b-4+deb9u1 fixes:
This update addresses the following issues:
* An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b  allows for remote code execution and information disclosure without  authentication, a related issue to CVE-2015-3306. (CVE-2019-12815)
Comment 1 Quality Assurance univentionstaff 2019-08-06 19:00:29 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/proftpd-dfsg_1.3.5b-4.dsc
+++ apt/ucs_4.4-0-errata4.4-1/source/proftpd-dfsg_1.3.5b-4+deb9u1.dsc
@@ -1,3 +1,8 @@
+1.3.5b-4+deb9u1 [Thu, 01 Aug 2019 11:34:23 +0200] Hilmar Preusse <hille42@web.de>:
+
+  * proftpd-1.3.5e-CVE-2019-12815.patch by Paul Howarth <paul@city-fan.org>
+    to solve CVE-2019-12815 (Closes: #932453).
+
 1.3.5b-4 [Wed, 05 Apr 2017 15:57:53 +0200] Francesco Paolo Lovergine <frankie@debian.org>:
 
   * Added patch CVE-2017-7418 to add recursive handling of DefalutRoot path.

<http://10.200.17.11/4.4-1/#2467343062223159839>
Comment 2 Philipp Hahn univentionstaff 2019-08-07 08:23:43 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 8be6f9aa73 Bug #49968: proftpd-dfsg 1.3.5b-4+deb9u1
 doc/errata/staging/proftpd-dfsg.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[4.4-1] 2d376c6555 Bug #49968: proftpd-dfsg 1.3.5b-4+deb9u1
 doc/errata/staging/proftpd-dfsg.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-08-07 15:44:38 CEST
<http://errata.software-univention.de/ucs/4.4/209.html>