Univention Bugzilla – Full Text Bug Listing |
Summary: | proftpd-dfsg: Multiple issues (4.4) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P5 | ||
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-3-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) NVD | ||
Bug Depends on: | 50863 | ||
Bug Blocks: |
Description
Quality Assurance
2020-02-27 15:35:35 CET
--- mirror/ftp/4.4/unmaintained/4.4-3/source/proftpd-dfsg_1.3.5b-4+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/proftpd-dfsg_1.3.5b-4+deb9u4.dsc @@ -1,3 +1,17 @@ +1.3.5b-4+deb9u4 [Tue, 25 Feb 2020 22:43:05 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Ensure that we do not reuse already-destroyed memory pools during data + transfers (CVE-2020-9273) (Closes: #951800) + * Clear the data-transfer instigating command pool but keep a memory pool. + Fixes regression in the %{transfer-status} LogFormat functionality. + +1.3.5b-4+deb9u3 [Tue, 31 Dec 2019 11:06:16 +0100] Hilmar Preusse <hille42@web.de>: + + * Cherry pick patch from upstream: + - for upstream bug #861 (CVE-2019-19269) (Closes: #946345) + Patch named upstream_pull_861_CVE-2019-19269 + 1.3.5b-4+deb9u2 [Wed, 23 Oct 2019 23:34:50 +0200] Hilmar Preusse <hille42@web.de>: * Add patch from upstream to address CVE-2019-18217. <http://10.200.17.11/4.4-3/#2467343062219912264> Requires new MariaDB-10.1.44 as it was re-compiled after Bug #50863. OK: yaml OK: announce_errata OK: patch ~OK: piuparts due to pending MariaDB-10.1.14 update OK: apt install -t apt univention-ftp [4.4-3] b56f01c232 Bug #50876: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) [4.4-3] 57c0b2b980 Bug #50876: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) |