Bug#951800: marked as done (CVE-2020-9273: buster affected)

Debian Bug Tracking System Wed, 04 Mar 2020 12:21:26 -0800

Your message dated Wed, 4 Mar 2020 21:17:42 +0100
with message-id <[email protected]>
and subject line Re: Bug#951800: CVE-2020-9273: buster affected
has caused the Debian Bug report #951800,
regarding CVE-2020-9273: buster affected
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
951800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951800
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: proftpd-basic
Version: 1.3.6-4+deb10u3
Severity: important
Tags: upstream

This is to track CVE-2020-9273.

I'm not 100% sure if jessie is affected too. At least the
CVE does not report it.

Hilmar

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.118
ii  debianutils        4.9.1
ii  libacl1            2.2.53-5
ii  libc6              2.29-10
ii  libcap2            1:2.32-1
ii  libcrypt1          1:4.4.10-10
ii  libhiredis0.14     0.14.0-6
ii  libmemcached11     1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6       6.1+20191019-1
ii  libpam-runtime     1.3.1-5
ii  libpam0g           1.3.1-5
ii  libpcre3           2:8.39-12+b1
ii  libssl1.1          1.1.1d-2
ii  libtinfo6          6.1+20191019-1
ii  libwrap0           7.6.q-30
ii  lsb-base           11.1.0
ii  netbase            6.1
ii  sed                4.7-1
ii  ucf                3.0038+nmu1
ii  zlib1g             1:1.2.11.dfsg-1.2

Versions of packages proftpd-basic recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-basic suggests:
ii  openbsd-inetd [inet-superserver]  0.20160825-4+b1
ii  openssl                           1.1.1d-2
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>

-- debconf information:
* shared/proftpd/inetd_or_standalone: from inetd

--- End Message ---

--- Begin Message ---

Version: 1.3.5b-4+deb9u4
Version: 1.3.6-4+deb10u4

On 2/21/20 10:07 PM, Hilmar Preusse wrote:

> This is to track CVE-2020-9273.
> 
> I'm not 100% sure if jessie is affected too. At least the
> CVE does not report it.
> 
Solved in buster-security & stretch-security.

H.
-- 
sigfault
#206401 http://counter.li.org

signature.asc
Description: OpenPGP digital signature

--- End Message ---

Bug#951800: marked as done (CVE-2020-9273: buster affected)

Reply via email to