[SCM] proftpd-dfsg branch, master, updated. debian/1.3.3a-6-26-g280d36d
Francesco Paolo Lovergine
frankie at debian.org
Sat Mar 5 14:24:06 UTC 2011
The following commit has been merged in the master branch:
commit 280d36d65676409f600bc63d859f5780bca2b540
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date: Sat Mar 5 15:23:36 2011 +0100
Added known CVE ids in debian/changelog.
diff --git a/debian/changelog b/debian/changelog
index bbe2e2f..0702175 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+proftpd-dfsg (1.3.3d-5) unstable; urgency=low
+
+ * Annotated CVE IDs in debian/changelog for recent vulnerabilities fixed.
+
+ -- Francesco Paolo Lovergine <frankie at debian.org> Sat, 05 Mar 2011 15:17:42 +0100
+
proftpd-dfsg (1.3.3d-4) unstable; urgency=high
* Fixed previous changelog.
@@ -60,7 +66,7 @@ proftpd-dfsg (1.3.3d-1) unstable; urgency=low
proftpd-dfsg (1.3.3a-6) unstable; urgency=high
* [SECURITY] 3536.dpatch fixes insufficient bounds checking in sql_prepare_where()
- function as found in mod_sql.c.
+ function as found in mod_sql.c. This is CVE-2010-4652.
-- Francesco Paolo Lovergine <frankie at debian.org> Fri, 28 Jan 2011 09:54:52 +0100
@@ -82,6 +88,7 @@ proftpd-dfsg (1.3.3a-4) unstable; urgency=high
- delete a directory located outside the writable directory
- create a symlink located outside the writable directory
- change the time of a file located outside the writable directory.
+ This fixes CVE-2010-3867.
-- Francesco Paolo Lovergine <frankie at debian.org> Fri, 22 Oct 2010 11:59:54 +0200
--
ProFTPD core package
More information about the Pkg-proftpd-maintainers
mailing list