[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Changed in: proftpd-dfsg (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
This bug was fixed in the package proftpd-dfsg - 1.3.4a-1ubuntu0.1 --- proftpd-dfsg (1.3.4a-1ubuntu0.1) precise-security; urgency=low * SECURITY UPDATE: The mod_copy module in ProFTPD 1.3.4a allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. (LP: #1462311) - debian/patches/CVE-2015-3306.patch: adjust contrib/mod_copy.c to check authentication status. Based on upstream patch. - CVE-2015-3306 -- Brian MortonSat, 4 Dec 2016 15:16:02 -0500 ** Changed in: proftpd-dfsg (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: proftpd-dfsg (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
This bug was fixed in the package proftpd-dfsg - 1.3.5~rc3-2.1ubuntu2.1 --- proftpd-dfsg (1.3.5~rc3-2.1ubuntu2.1) trusty-security; urgency=low * SECURITY UPDATE: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. (LP: #1462311) - debian/patches/CVE-2015-3306.patch: adjust contrib/mod_copy.c to check authentication status. Based on upstream patch. - CVE-2015-3306 -- Brian MortonSat, 4 Dec 2016 15:34:12 -0500 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Changed in: proftpd-dfsg (Ubuntu Precise) Status: In Progress => Confirmed ** Changed in: proftpd-dfsg (Ubuntu Trusty) Status: In Progress => Confirmed ** Changed in: proftpd-dfsg (Ubuntu Precise) Assignee: Tyler Hicks (tyhicks) => (unassigned) ** Changed in: proftpd-dfsg (Ubuntu Trusty) Assignee: Tyler Hicks (tyhicks) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Hi Brian - Thanks for the debdiffs and your work to improve the security of Ubuntu. :) During my review of the debdiffs, I noticed a few minor issues: 1) I had to run the debdiffs through dos2unix to make the patch utility happy 2) I had to add a single newline to the end of the debdiffs to make the patch utility happy 3) I adjusted the precise version from 1.3.4a-2 to 1.3.4a-1ubuntu0.1, as documented in https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging As mentioned, these were minor issues and everything else looked good to me. As for the backport, I think it was probably a good idea that you left out the configuration changes. It would have been better if the testing changes could have been included (assuming that the tests are run at build time, I haven't checked) but the patch is simple enough that I have confidence that it is correct. Thanks again. I'll be uploading these changes soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Also affects: proftpd-dfsg (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: proftpd-dfsg (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: proftpd-dfsg (Ubuntu Precise) Status: New => In Progress ** Changed in: proftpd-dfsg (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: proftpd-dfsg (Ubuntu Precise) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: proftpd-dfsg (Ubuntu Trusty) Status: New => In Progress ** Changed in: proftpd-dfsg (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: proftpd-dfsg (Ubuntu Trusty) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Changed in: proftpd-dfsg (Ubuntu) Importance: Undecided => Medium ** Tags removed: cve-2015-3306 ** Tags added: precise trusty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Adding reworked patch for trusty that fixes an API issue with returning the error code/message and is more minimal and appropriate for a backported fix. ** Patch removed: "Debdiff of upstream patch for precise" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787127/+files/proftpd-dfsg_1.3.4a-2.debdiff ** Patch removed: "Upstream patch applied for trusty" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787121/+files/proftpd-dfsg_1.3.5~rc3-2.1ubuntu2.1.debdiff ** Patch added: "Debdiff of upstream patch for trusty" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787404/+files/proftpd-dfsg_1.3.5~rc3-2.1ubuntu2.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Adding reworked patch for precise that fixes an API issue with returning the error code/message and is more minimal and appropriate for a backported fix. ** Patch added: "Debdiff of upstream patch for precise" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787405/+files/proftpd-dfsg_1.3.4a-2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
The attachment "Upstream patch applied for trusty" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Attaching debdiff of upstream patch for precise. Tested in same manner as trusty. ** Patch added: "Debdiff of upstream patch for precise" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787127/+files/proftpd-dfsg_1.3.4a-2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Attaching debdiff of upstream patch for trusty package. Precise is also vulnerable, so I will mark that as well while I work on that next. My primary test before/after patch: 220 ProFTPD 1.3.5rc3 Server (Debian) [:::10.129.53.2] USER bmorton 331 Password required for bmorton PASS *** 230 User bmorton logged in site cpfr /etc/passwd 350 File or directory exists, ready for destination name site cpto /tmp/passwd.copy 250 Copy successful 220 ProFTPD 1.3.5rc3 Server (Debian) [:::10.129.53.2] site cpfr /etc/passwd Connection closed by foreign host. ** Patch added: "Upstream patch applied for trusty" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4787121/+files/proftpd-dfsg_1.3.5~rc3-2.1ubuntu2.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
I think backporting a package from 16.04 should be enough? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Thomasz, are you able to provide updates? See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation for some information on preparing updates. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Changed in: proftpd-dfsg (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Any update on these? I'm seeing ubuntu 14.04 servers hacked regularly because of this vulnerability. Upstream released the fix a year ago or so already! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Description changed: The CVE-2015-3306 problem is arround for some time now and is not fixed in 12.04 and 14.04 LTS versions. http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3306.html I also tested it with telnet. I can copy files without any authentication if mod_copy is enabled (mod_copy is per default enabled!) The module is very usefull. I would be happy if I can re enable it on my servers. - Debian and other distributions have already fix this in their systems. http://bugs.proftpd.org/show_bug.cgi?id=4169 https://security-tracker.debian.org/tracker/CVE-2015-3306 + https://www.debian.org/security/2015/dsa-3263 Is there a special reason why this still not fixed on the LTS versions of Ubuntu? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Need help on this one? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Anton, are you able to provide updates? See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation for some information on preparing updates. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
This has not been fixed in 14.04 LTS. Came here after discovering hacking attempts. Sadly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Has this been released to 14.04 LTS? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Bug watch added: ProFTPD Bugzilla #4169 http://bugs.proftpd.org/show_bug.cgi?id=4169 ** Also affects: proftpd-dfsg via http://bugs.proftpd.org/show_bug.cgi?id=4169 Importance: Unknown Status: Unknown ** No longer affects: proftpd-dfsg ** Also affects: proftpd-dfsg via http://bugs.proftpd.org/show_bug.cgi?id=4169 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** Changed in: proftpd-dfsg Status: Unknown = Fix Released ** Changed in: proftpd-dfsg Importance: Unknown = Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Hi ft - unfortunately, there are no usable debdiffs in the tar file that you uploaded. Instructions on the security update packaging process can be found here: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-3306 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
This is a little bit high for me. I downloaded the debian/ubuntu pakages and created debdiffs (debdiff debian ubuntu) I hope this helps somehow. The pakages and the diffs are in the attachment. ** Attachment added: proftpd-basic_debdiff.tar.gz https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+attachment/4411451/+files/proftpd-basic_debdiff.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: proftpd-dfsg (Ubuntu) Status: New = Incomplete ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs