[Secure-testing-team] Re: proftpd, low impact DoS bug

Francesco P. Lovergine frankie at debian.org
Tue Nov 28 16:27:55 CET 2006


On Tue, Nov 28, 2006 at 01:27:06PM +0100, Francesco P. Lovergine wrote:
> Sigh
> 
> http://bugs.proftpd.org/show_bug.cgi?id=2858
> 
> we need to properly fix the issue, a wrong patch was around (basically
> the same 'fixed' by other vendors) so I'm preparing both a sid and sarge
> package...
> 
> 

I'm asking the proftpd folks for confirmation; anyway, the 1.3.0 patch does not
apply to the 1.2.10 sreplace() implementation, which is in some way more
limited. Just in case, the safest thing to do would be to use the 1.3.0
implementation of sreplace() in 1.2.10 for sarge (and to remove the other patch
applied some days ago for security.d.o).

Pointers:

1.3.0a vs 1.3.0 patch:
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/support.c?r1=1.79&r2=1.80&sortby=date

1.3.0a version of support.c
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/support.c?revision=1.80&view=markup&sortby=date

1.2.10 version of support.c:
http://proftp.cvs.sourceforge.net/proftp/proftpd/src/support.c?revision=1.69&view=markup&sortby=date

-- 
Francesco P. Lovergine