[Secure-testing-team] Security update: proftpd-dfsg 1.3.1-17

Francesco P. Lovergine frankie at debian.org
Fri Feb 6 12:46:16 UTC 2009


Hi RMs and security teams

I just uploaded a new version of proftpd-dfsg on sid fixing a recently
discovered security issue. After some discussion with TJ (proftpd PM),
the problem is not of interest for 1.3.0 (etch version) because it lacks
relevant code present in successive versions. At the same time, I found
a libtool-related problem due to an incomplete cleaning of working
files, which causes a FTBS in 1.3.1-16 with current libtool.

Relevant changelog:

proftpd-dfsg (1.3.1-17) unstable; urgency=high
.
 * Security: added 3173.dpatch patch to manage a critical encoding-dependent SQL
   injection with SQL-based authentication.
   See http://bugs.proftpd.org/show_bug.cgi?id=3173. This is fixed in 1.3.2.
   Thanks TJ for backported patch.
 * Now debian/rules removes at cleaning time a couple of .la files
   under contrib/ still around after building. This fixes a recently discovered
   FTBS error due to those files.

Cheers.

PS: No CVE code is assigned to my knowledge at this time.

-- 
Francesco P. Lovergine