Attaching debdiff of upstream patch for trusty package. Precise is also vulnerable, so I will mark that as well while I work on that next.
My primary test before/after patch: 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:10.129.53.2] USER bmorton 331 Password required for bmorton PASS ******* 230 User bmorton logged in site cpfr /etc/passwd 350 File or directory exists, ready for destination name site cpto /tmp/passwd.copy 250 Copy successful 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:10.129.53.2] site cpfr /etc/passwd Connection closed by foreign host. ** Patch added: "Upstream patch applied for trusty" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787121/+files/proftpd-dfsg_1.3.5~rc3-2.1ubuntu2.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
