Debdiff for lucid, also added patches from DebianBug #648922 to prevent regression. See also DSA 2346-2
** Patch added: "proftpd-dfsg_lucid.debdiff" https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2637054/+files/proftpd-dfsg_lucid.debdiff ** Description changed: Description Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. References - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130 - - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130 - - https://launchpad.net/bugs/cve/CVE-2011-4130 - - http://security-tracker.debian.net/tracker/CVE-2011-4130 + - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130 + - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130 + - https://launchpad.net/bugs/cve/CVE-2011-4130 + - http://security-tracker.debian.net/tracker/CVE-2011-4130 Effected: - - Lucid - - Maverick - - Natty - - Oneiric + - Lucid + - Maverick + - Natty + + Oneiric not effected because we have 1.3.4~rc2-4 on archive ** Changed in: proftpd-dfsg (Ubuntu) Status: In Progress => New ** Changed in: proftpd-dfsg (Ubuntu) Assignee: Mahyuddin Susanto (udienz) => (unassigned) ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0411 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/905252 Title: CVE-2011-4130 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
