Your message dated Wed, 06 May 2026 21:06:53 +0000
with message-id <[email protected]>
and subject line Bug#1135840: fixed in proftpd-dfsg 1.3.9a~dfsg-1
has caused the Debian Bug report #1135840,
regarding proftpd-core: CVE-2026-44331 SQL Injection in mod_wrap2_sql via reverse DNS hostname
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135840
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proftpd-core
Version: 1.3.9~dfsg-5
Severity: important
Tags: upstream patch security pending

Dear Maintainer,

See upstream URL for discussion [1]. Issue affects Debian unstable. Not
sure about stable / oldstable etc. yet.

Hilmar

[1] https://github.com/proftpd/proftpd/issues/2057

-- System Information:
Debian Release: 13.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 6.12.75+rpt-rpi-2712 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-core depends on:
ii  adduser               3.152
ii  init-system-helpers   1.69~deb13u1
ii  libacl1               2.3.2-2+b1
ii  libc6                 2.41-12+rpt1+deb13u2
ii  libcap2               1:2.75-10+b8
ii  libcrypt1             1:4.4.38-1
pn  libhiredis1.1.0       <none>
ii  libidn2-0             2.3.8-2
pn  libmemcached11t64     <none>
pn  libmemcachedutil2t64  <none>
ii  libncursesw6          6.5+20250216-2
ii  libpam-runtime        1.7.0-5
ii  libpam0g              1.7.0-5
ii  libpcre2-8-0          10.46-1~deb13u1
pn  libpcre2-posix3       <none>
ii  libssl3t64            3.5.5-1~deb13u2+rpt1
ii  libtinfo6             6.5+20250216-2
ii  netbase               6.5
ii  ucf                   3.0052
ii  zlib1g                1:1.3.dfsg+really1.3.1-1+b1

Versions of packages proftpd-core recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-core suggests:
pn  openbsd-inetd | inet-superserver  <none>
ii  openssl                           3.5.5-1~deb13u2+rpt1
pn  proftpd-mod-crypto                <none>
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>
pn  proftpd-mod-wrap                  <none>


--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.9a~dfsg-1
Done: Hilmar Preuße <[email protected]>

We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilmar Preuße <[email protected]> (supplier of updated proftpd-dfsg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 May 2026 22:48:53 +0200
Source: proftpd-dfsg
Architecture: source
Version: 1.3.9a~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ProFTPD Maintainance Team <[email protected]>
Changed-By: Hilmar Preuße <[email protected]>
Closes: 1135840
Changes:
 proftpd-dfsg (1.3.9a~dfsg-1) unstable; urgency=medium
 .
   * New upstream version, disable patches I cherry picked from upstream.
   * GitLab CI: SALSA_CI_DISABLE_USCAN = 1
   * Add patch for CVE-2026-44331 (Closes: #1135840).
 .
   [ Luca Boccassi <[email protected]> ]
   * Install and use sysusers.d config file
   * Stop deleting system users on purge

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
