Publishing details
Changelog
proftpd-dfsg (1.3.2e-4ubuntu0.2) maverick; urgency=low
* SECURITY UPDATE: Use-after-free vulnerability in the Response API in ProFTPd
before 1.3.3g allows remote authenticated users to execute arbitrary code
via vectors involving an error that occurs after an FTP data transfer.
- debian/patches/CVE-2011-4130.patch: Based on 3711 debian patches
- http://bugs.proftpd.org/show_bug.cgi?id=3711
- CVE-2011-4130
* SECURITY UPDATE: fixes the issue by causing mod_tls to clear the buffers
of any data received from the client, once the SSL/TLS handshake has
succeeded.
- debian/patches/CVE-2011-041.dpatch. Based on debian 3624 patch.
- http://bugs.proftpd.org/show_bug.cgi?id=3624
- This is similar to CVE-2011-041
-- Mahyuddin Susanto <email address hidden> Sat, 17 Dec 2011 15:27:09 +0700
Builds
Built packages
-
proftpd-basic
Versatile, virtual-hosting FTP daemon - binaries
-
proftpd-dev
Versatile, virtual-hosting FTP daemon - development files
-
proftpd-doc
Versatile, virtual-hosting FTP daemon - documentation
-
proftpd-mod-ldap
Versatile, virtual-hosting FTP daemon - LDAP module
-
proftpd-mod-mysql
Versatile, virtual-hosting FTP daemon - MySQL module
-
proftpd-mod-odbc
Versatile, virtual-hosting FTP daemon - ODBC module
-
proftpd-mod-pgsql
Versatile, virtual-hosting FTP daemon - PostgreSQL module
-
proftpd-mod-sqlite
Versatile, virtual-hosting FTP daemon - SQLite3 module
Package files