Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Hello all,

I would like to proceed with an update also to oldstable/wheezy of the SSL-enhanced FTP server built from linux-ftpd-ssl. It deals with the same denial of service as was established in the report #788331, and the remedy is identical to the one that was applied to testing and has been queued for jessie-pu. The relevant debdiff is herewith attached.

Best regards,
Mats Erik Andersson, present maintainer of linux-ftpd-ssl.

diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog --- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.000000000 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-30 01:04:24.000000000 +0200 @@ -1,3 +1,11 @@ +linux-ftpd-ssl (0.17.33+0.3-1+deb7u1) wheezy; urgency=medium + + * QA Upload + * NLST of empty directory results in segfault. (Closes: #788331) + + debian/patches/500-ssl.diff: Updated. + + -- Mats Erik Andersson <mats.anders...@gisladisker.se> Tue, 30 Jun 2015 01:04:03 +0200 + linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low * Update to linux-ftpd 0.17-33. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff --- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2011-04-20 03:47:23.000000000 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.000000000 +0200 @@ -3,7 +3,7 @@ Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz Forwarded: not-needed Author: Tim Hudson <t...@cryptsoft.com> -Last-Update: 2010-06-21 +Last-Update: 2015-06-11 Index: linux-ftpd-ssl/ftpd/Makefile =================================================================== @@ -917,10 +917,12 @@ byte_count += strlen(nbuf) + 1; } } -@@ -2705,6 +3193,13 @@ +@@ -2704,8 +3193,16 @@ + reply(226, "Transfer complete."); transflag = 0; - if (dout != NULL) +- if (dout != NULL) ++ if (dout != NULL) { +#ifdef USE_SSL + if (ssl_data_active_flag && (ssl_data_con!=NULL)) { + SSL_free(ssl_data_con); @@ -929,8 +931,10 @@ + } +#endif /* USE_SSL */ (void) fclose(dout); ++ } data = -1; pdata = -1; + out: @@ -2792,3 +3287,223 @@ } #endif /* TCPWRAPPERS */
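
Review bot: The new debian/changelog entry states only the symptom ("NLST of empty directory results in segfault") and "debian/patches/500-ssl.diff: Updated", so a reader of the changelog cannot tell what was changed. Suggest naming the fix, for example that the `if (dout != NULL)` test in front of `fclose(dout)` is now braced so that the SSL cleanup no longer separates the test from the fclose call. The entry is also marked "QA Upload" while the covering mail is signed as present maintainer; worth confirming which of the two applies to this upload.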
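
Review bot: In the rewritten inner hunk of debian/patches/500-ssl.diff (`@@ -2704,8 +3193,16 @@`), the hunk header counts and the context lines were changed together with the code, so please confirm that the patch still applies to the wheezy source without fuzz or offset before upload. The change itself looks right: in the old form the unbraced `if (dout != NULL)` governed only the added `if (ssl_data_active_flag && (ssl_data_con!=NULL))` block when USE_SSL is defined, which left `(void) fclose(dout);` unconditional, and the added braces restore the guard in both build variants. A short comment next to the new `{` saying that the braces are needed because of the #ifdef block would help keep a later refresh of the patch from dropping them.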