[Git][security-tracker-team/security-tracker][master] Add CVE-2026-42167/proftpd-dfsg

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bcbeb1e by Salvatore Bonaccorso at 2026-04-28T08:58:07+02:00
Add CVE-2026-42167/proftpd-dfsg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,6 @@
+CVE-2026-42167 [SQL injection possible via mod_sql because of is_escaped_text() logic]
+	- proftpd-dfsg <unfixed> (bug #1135119)
+	NOTE: https://github.com/proftpd/proftpd/issues/2052
 CVE-2026-7148 (A flaw has been found in CodeAstro Online Classroom 1.0. This affects  ...)
 	NOT-FOR-US: CodeAstro Online Classroom
 CVE-2026-7147 (A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bcbeb1e767468d644da3d0151675b2ca4c553d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bcbeb1e767468d644da3d0151675b2ca4c553d0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/d2a0c498/attachment-0001.htm>