Univention Bugzilla – Bug 49968
proftpd-dfsg: Multiple issues (4.4)
Last modified: 2019-08-07 15:44:38 CEST
New Debian proftpd-dfsg 1.3.5b-4+deb9u1 fixes: This update addresses the following issues: * An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. (CVE-2019-12815)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/proftpd-dfsg_1.3.5b-4.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/proftpd-dfsg_1.3.5b-4+deb9u1.dsc @@ -1,3 +1,8 @@ +1.3.5b-4+deb9u1 [Thu, 01 Aug 2019 11:34:23 +0200] Hilmar Preusse <hille42@web.de>: + + * proftpd-1.3.5e-CVE-2019-12815.patch by Paul Howarth <paul@city-fan.org> + to solve CVE-2019-12815 (Closes: #932453). + 1.3.5b-4 [Wed, 05 Apr 2017 15:57:53 +0200] Francesco Paolo Lovergine <frankie@debian.org>: * Added patch CVE-2017-7418 to add recursive handling of DefalutRoot path. <http://10.200.17.11/4.4-1/#2467343062223159839>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] 8be6f9aa73 Bug #49968: proftpd-dfsg 1.3.5b-4+deb9u1 doc/errata/staging/proftpd-dfsg.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [4.4-1] 2d376c6555 Bug #49968: proftpd-dfsg 1.3.5b-4+deb9u1 doc/errata/staging/proftpd-dfsg.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.4/209.html>