From: Peter Marko <[email protected]> This ancient CVE [1] is unversioned ("*") in NVD DB. "mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around the time when this CVE was published, likely as reaction to this CVE. "mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the distribution. They are currently unmaintained and have numerous bugs." Note: It was later re-introduced as mod_sql when it got fixed under new maintainer. [1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027 [2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb index ec38fb54e1..2488c30d53 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb @@ -23,6 +23,8 @@ S = "${WORKDIR}/git" inherit autotools-brokensep useradd update-rc.d systemd multilib_script +CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" + EXTRA_OECONF += "--enable-largefile" PACKAGECONFIG ??= "shadow \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121744): https://lists.openembedded.org/g/openembedded-devel/message/121744 Mute This Topic: https://lists.openembedded.org/mt/116311440/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
