[Bug 674798] Re: Backport proftpd security fixes

2010-11-23 Thread Launchpad Bug Tracker
This bug was fixed in the package proftpd-dfsg - 1.3.2c-1ubuntu0.1 --- proftpd-dfsg (1.3.2c-1ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: Telnet IAC processing stack overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable i

[Bug 674798] Re: Backport proftpd security fixes

2010-11-20 Thread Neil Wilson
Package is in place on the main ftp server here and is performing as expected. -- Backport proftpd security fixes https://bugs.launchpad.net/bugs/674798 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-

Re: [Bug 674798] Re: Backport proftpd security fixes

2010-11-20 Thread Neil Wilson
Good spot. On 20 November 2010 07:54, Steve Beattie wrote: > Oh, I should point out that the CVE_2010_3867.dpatch you provided > contained a reference to a dir_canonical_dst() function, which both > generated a new compilation warning due to the arguments not matching the > expected types and tha

[Bug 674798] Re: Backport proftpd security fixes

2010-11-20 Thread Steve Beattie
Oh, I should point out that the CVE_2010_3867.dpatch you provided contained a reference to a dir_canonical_dst() function, which both generated a new compilation warning due to the arguments not matching the expected types and that I was unable to find defined in the source. I assumed it was the re

[Bug 674798] Re: Backport proftpd security fixes

2010-11-19 Thread Steve Beattie
Neil, thanks. I've built lucid and maverick versions into the ubuntu-security-proposed ppa at https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages and performed light testing on them. It'd be great if you could test these as well before we pocket copy these to the update pockets

[Bug 674798] Re: Backport proftpd security fixes

2010-11-13 Thread Neil Wilson
** Attachment added: "Mod_site_misc test script" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/674798/+attachment/1732144/+files/ftp_hack_proof.py ** Changed in: proftpd-dfsg (Ubuntu) Status: In Progress => Confirmed ** Changed in: proftpd-dfsg (Ubuntu) Assignee: Br

[Bug 674798] Re: Backport proftpd security fixes

2010-11-13 Thread Neil Wilson
Built locally and on PPA. https://launchpad.net/~brightbox/+archive/experimental/+sourcepub/1363310/+listing-archive-extra Tested on lucid VM.

[Bug 674798] Re: Backport proftpd security fixes

2010-11-13 Thread Neil Wilson
Library interfaces have changed which makes using the Debian patch impractical. Recoded patch for 1.3.2 interfaces. Debdiff attached and tested with modified python script based on http://www.securiteam.com/unixfocus/6R0360A0AY.html

[Bug 674798] Re: Backport proftpd security fixes

2010-11-13 Thread Neil Wilson
** Patch added: "Debdiff patch for both security issues" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/674798/+attachment/1732143/+files/proftpd-dfsg_1.3.2c-1ubuntu0.1.debdiff

[Bug 674798] Re: Backport proftpd security fixes

2010-11-12 Thread Neil Wilson
Security patch for directory traversal does not apply cleanly to 1.3.2 code. The interface of mod_site_misc has not changed to the Debian version and it seems safest and simplest to backport the entire patched module.

[Bug 674798] Re: Backport proftpd security fixes

2010-11-12 Thread Neil Wilson
Directory traversal upstream bug http://bugs.proftpd.org/show_bug.cgi?id=3519

[Bug 674798] Re: Backport proftpd security fixes

2010-11-12 Thread Neil Wilson
http://www.securiteam.com/unixfocus/6R0360A0AY.html ** Bug watch added: ProFTPD Bugzilla #3519 http://bugs.proftpd.org/show_bug.cgi?id=3519

[Bug 674798] Re: Backport proftpd security fixes

2010-11-12 Thread Neil Wilson
Directory traversal bug affects ProFTPd version range 1.3.0a (2006) to 1.3.3b (latest version)

[Bug 674798] Re: Backport proftpd security fixes

2010-11-12 Thread Neil Wilson
Vulnerability in versions of proftpd between proftpd-1.3.2rc3 and proftpd-1.3.3 http://bugs.proftpd.org/show_bug.cgi?id=3521 Patches available in Debian. http://packages.debian.org/changelogs/pool/main/p/proftpd-dfsg/proftpd-dfsg_1.3.3a-5/changelog