On Sun, Jul 21, 2019 at 02:31:56PM -0300, Markus Koschany wrote: > Hi, > > On Fri, 19 Jul 2019 20:35:19 +0200 =?UTF-8?Q?Hilmar_Preu=c3=9fe?= > <hill...@web.de> wrote: > > On 19.07.19 17:41, Moritz Muehlenhoff wrote: > > > > Hi, > > > > > Please see: > > > http://bugs.proftpd.org/show_bug.cgi?id=4372 > > > https://github.com/proftpd/proftpd/pull/816 > > > > > The patch from upstream applies nicely to our master branch (and would > > apply to the buster package too). I could upload the fix to Debian sid > > right now. Will you care about stable and oldstable? > > I can take care of oldstable because I wanted to upload a new stretch-pu > anyway. We can either choose to release the fix for CVE-2019-12815 via > DSA separately and afterwards I merge it into the stretch-pu or we can > do all at once. There are considerable changes to fix the previous > memory leaks which would make the diff harder to review though.
Let's better untangle those. Cheers, Moritz