Debian Bug report logs -
#942831
CVE-2019-18217
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 22 Oct 2019 08:09:09 UTC
Severity: grave
Tags: security
Fixed in version proftpd-dfsg/1.3.6a-2
Done: Hilmar Preusse <hille42@web.de>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
:
Bug#942831
; Package src:proftpd-dfsg
.
(Tue, 22 Oct 2019 08:09:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
.
(Tue, 22 Oct 2019 08:09:13 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: proftpd-dfsg
Severity: grave
Tags: security
This was assigned CVE-2019-18217:
https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4
https://github.com/proftpd/proftpd/issues/846
Cheers,
Moritz
Reply sent
to Hilmar Preusse <hille42@web.de>
:
You have taken responsibility.
(Tue, 22 Oct 2019 12:09:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Tue, 22 Oct 2019 12:09:05 GMT) (full text, mbox, link).
Message #10 received at 942831-close@bugs.debian.org (full text, mbox, reply):
Source: proftpd-dfsg
Source-Version: 1.3.6a-2
We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 942831@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilmar Preusse <hille42@web.de> (supplier of updated proftpd-dfsg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Oct 2019 13:30:36 +0200
Source: proftpd-dfsg
Architecture: source
Version: 1.3.6a-2
Distribution: unstable
Urgency: high
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
Changed-By: Hilmar Preusse <hille42@web.de>
Closes: 942831
Changes:
proftpd-dfsg (1.3.6a-2) unstable; urgency=high
.
* Add patch for upstream bug #846 (CVE-2019-18217).
(Closes: #942831)
Checksums-Sha1:
f974786426186214c62b0f63c54fac392a5f8d34 2977 proftpd-dfsg_1.3.6a-2.dsc
0b6b26c154b59fb74364192864cc0f8dbf07d163 79892 proftpd-dfsg_1.3.6a-2.debian.tar.xz
f8c87d3c87e8231e011cda6be0cc8dea9dc843f6 12761 proftpd-dfsg_1.3.6a-2_i386.buildinfo
Checksums-Sha256:
95d1b04b0d9205b22250fc7a91730c8640cbde6894e63252da71522bc517318b 2977 proftpd-dfsg_1.3.6a-2.dsc
28ff9d788e503eb75a9f58713b054aec5187d0f3a6c0d4c70d534205df8a925e 79892 proftpd-dfsg_1.3.6a-2.debian.tar.xz
37c3a5498d39a182fab6ce6c2afa10568dc3b6a41f983614a86d9bf67eefd7bc 12761 proftpd-dfsg_1.3.6a-2_i386.buildinfo
Files:
c5a0ab25a00b44b048392224ff897769 2977 net optional proftpd-dfsg_1.3.6a-2.dsc
7b200a92e16523ba6cb4d20cbf2cfb3c 79892 net optional proftpd-dfsg_1.3.6a-2.debian.tar.xz
fe99b8f1f622a052cd4bad0ba5a16fe5 12761 net optional proftpd-dfsg_1.3.6a-2_i386.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEaXGmC/nkbIhxf16kxiZYRqvgLIsFAl2u7E9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY5
NzFBNjBCRjlFNDZDODg3MTdGNUVBNEM2MjY1ODQ2QUJFMDJDOEIACgkQxiZYRqvg
LIu8RRAAkojwsSUKNRI/YM/V5L+cne9LMzCruLb6i//UGlLNpTWwsNu1RO3Ua6mJ
+ozGWP+NP9MzULK+65aQibsKhD0synObmG9irZjBMQMDYk4/ItBNynmn+ZMMzwNd
shzos/VjMgVhbA7viUNngOmc0ci729bO7nfPJoWD/cXyJvp7/aEh4RFONjzyVwJu
wBIr/Uuq32BPIOHVyLXUFL1iWLOT25fW6okf6cxCpbJEUuTEL3E24aQzH3843uGN
dwuzQSy/qvC4mUwThfDGkDiWYgs8rU9oEqfCwFc1DHCeQACtTxxznnLOB0sZe7W3
yL3Ichm7CO6VaCPzibmV/uTeW95KLTlHyINVkQY6Z3MW/vwvjzn6/PW20B/56Ddq
SkrJEEK4rSUK3jR/PV5S5EygTg9F+XcpnblUVl6+lu/ISTIGDsyQrd+AlDNcNzKK
6qjAa1cc9qrcb9Tp8zWeF+EPJrWco7lOmyCdtT7zYBP0rR8m8iFdAqWAhN5Tqn5C
21hCxed9FECG2rRAHOT0osT0MxAxOVJsjRlc8i+jgddci8nhsWkKvEcncwINN0ME
Eg5ZGLjPIdGFLrkPLcqim2HsALZY+AXNbBU1WTJpL9QcEODc8iV9SDVMMf44tl2f
sn905yQcxREBkjhvhsObNR6QbWi74MXz3shdmLa0yQ5lKBnlNPA=
=Izkc
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Oct 22 16:48:25 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.