Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: proftpd-d...@packages.debian.org
Control: affects -1 + src:proftpd-dfsg

[ Reason ]
The version currently in Debian stable suffers from two different security issues:
- CVE-2023-48795 (Terrapin attack)
- CVE-2023-51713 one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics

[ Impact ]
Proftp further suffers from the described security issues.

[ Tests ]
The upstream source package provides a test suite, which is still running fine after applying the patch.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
- Patch for CVE-2023-48795 (copied from upstream's repo)
- Patch for CVE-2023-51713 (copied from upstream's repo)

-- 
sigmentation fault
proftpd-dfsg_1.3.8+dfsg-4+deb12u3.debdiff.xz
Description: application/xz