Your message dated Thu, 05 Mar 2020 19:02:41 +0000
with message-id <[email protected]>
and subject line Bug#951800: fixed in proftpd-dfsg 1.3.5b-4+deb9u4
has caused the Debian Bug report #951800,
regarding CVE-2020-9273: buster affected
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
951800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951800
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proftpd-basic
Version: 1.3.6-4+deb10u3
Severity: important
Tags: upstream
This is to track CVE-2020-9273.
I'm not 100% sure if jessie is affected too. At least the
CVE does not report it.
Hilmar
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages proftpd-basic depends on:
ii adduser 3.118
ii debianutils 4.9.1
ii libacl1 2.2.53-5
ii libc6 2.29-10
ii libcap2 1:2.32-1
ii libcrypt1 1:4.4.10-10
ii libhiredis0.14 0.14.0-6
ii libmemcached11 1.0.18-4.2
ii libmemcachedutil2 1.0.18-4.2
ii libncursesw6 6.1+20191019-1
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libpcre3 2:8.39-12+b1
ii libssl1.1 1.1.1d-2
ii libtinfo6 6.1+20191019-1
ii libwrap0 7.6.q-30
ii lsb-base 11.1.0
ii netbase 6.1
ii sed 4.7-1
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1.2
Versions of packages proftpd-basic recommends:
pn proftpd-doc <none>
Versions of packages proftpd-basic suggests:
ii openbsd-inetd [inet-superserver] 0.20160825-4+b1
ii openssl 1.1.1d-2
pn proftpd-mod-geoip <none>
pn proftpd-mod-ldap <none>
pn proftpd-mod-mysql <none>
pn proftpd-mod-odbc <none>
pn proftpd-mod-pgsql <none>
pn proftpd-mod-snmp <none>
pn proftpd-mod-sqlite <none>
-- debconf information:
* shared/proftpd/inetd_or_standalone: from inetd
--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.5b-4+deb9u4
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated proftpd-dfsg
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Feb 2020 22:43:05 +0100
Source: proftpd-dfsg
Architecture: source
Version: 1.3.5b-4+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: ProFTPD Maintainance Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 951800
Changes:
proftpd-dfsg (1.3.5b-4+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Ensure that we do not reuse already-destroyed memory pools during data
transfers (CVE-2020-9273) (Closes: #951800)
* Clear the data-transfer instigating command pool but keep a memory pool.
Fixes regression in the %{transfer-status} LogFormat functionality.
Checksums-Sha1:
78edf94eb6b9ee900e18ea778e6b00dc4191589a 2938 proftpd-dfsg_1.3.5b-4+deb9u4.dsc
72d3fb2e8459b335c1fc7005e0f966ecaf579a14 78204 proftpd-dfsg_1.3.5b-4+deb9u4.debian.tar.xz
Checksums-Sha256:
205d92dc6b77cc1163c42001ec44332c37e31205ddfb25a5bbf178304f640d21 2938 proftpd-dfsg_1.3.5b-4+deb9u4.dsc
0d40800831bfd3a5d7181c9902005c1e44b1b4ec657ffaa941ab80a8d7ac7296 78204 proftpd-dfsg_1.3.5b-4+deb9u4.debian.tar.xz
Files:
6f634fea2d0c41d2fadf67a187345a95 2938 net optional proftpd-dfsg_1.3.5b-4+deb9u4.dsc
195e060d26c952422667706d1c3eb91f 78204 net optional proftpd-dfsg_1.3.5b-4+deb9u4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---