Source: pure-ftpd Version: 1.0.49-3 Severity: important Tags: security upstream
Hi, The following vulnerability was published for pure-ftpd. CVE-2020-9274[0]: | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer | vulnerability has been detected in the diraliases linked list. When | the *lookup_alias(const char alias) or print_aliases(void) function is | called, they fail to correctly detect the end of the linked list and | try to access a non-existent list member. This is related to | init_aliases in diraliases.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-9274 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9274 [1] https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa Please adjust the affected versions in the BTS as needed. Regards, Salvatore
