Univention Bugzilla – Bug 50466
proftpd-dfsg: Multiple issues (4.3)
Last modified: 2019-11-13 17:01:44 CET
New Debian proftpd-dfsg 1.3.5b-4+deb9u2 fixes: This update addresses the following issue: * ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. (CVE-2019-18217)
--- mirror/ftp/4.3/unmaintained/4.3-5/source/proftpd-dfsg_1.3.5b-4+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/proftpd-dfsg_1.3.5b-4+deb9u2.dsc @@ -1,3 +1,8 @@ +1.3.5b-4+deb9u2 [Wed, 23 Oct 2019 23:34:50 +0200] Hilmar Preusse <hille42@web.de>: + + * Add patch from upstream to address CVE-2019-18217. + (Closes: #942831) + 1.3.5b-4+deb9u1 [Thu, 01 Aug 2019 11:34:23 +0200] Hilmar Preusse <hille42@web.de>: * proftpd-1.3.5e-CVE-2019-12815.patch by Paul Howarth <paul@city-fan.org> <http://10.200.17.11/4.3-5/#2467343062226407414>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] 14f7512a3a Bug #50466: proftpd-dfsg 1.3.5b-4+deb9u2 doc/errata/staging/proftpd-dfsg.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [4.3-5] 5b86b4dcdc Bug #50466: proftpd-dfsg 1.3.5b-4+deb9u2 doc/errata/staging/proftpd-dfsg.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/612.html>