[SCM] proftpd-dfsg branch, squeeze, updated. debian/1.3.3a-6-6-gd064d6c

Francesco Paolo Lovergine frankie at debian.org
Fri Nov 11 11:41:35 UTC 2011 

The following commit has been merged in the squeeze branch:
commit d064d6c58b4740971edc26eb0edcab00684e0bbd
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Fri Nov 11 12:40:55 2011 +0100

    Fixed CVE-2011-4130

diff --git a/debian/changelog b/debian/changelog
index 9baab95..401ae9b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+proftpd-dfsg (1.3.3a-6squeeze3) stable-security; urgency=high
+
+  * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free
+    memory corruption error. This is CVE-2011-4130.
+    (closes: #648373)
+
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Fri, 11 Nov 2011 12:23:49 +0100
+
 proftpd-dfsg (1.3.3a-6squeeze2) stable-security; urgency=high
 
   * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to
diff --git a/debian/patches/00list b/debian/patches/00list
index ebeaa63..9f522f8 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -20,3 +20,4 @@ mod_vroot
 3536
 CVE-2011-1137
 3624
+3711
diff --git a/debian/patches/3711.dpatch b/debian/patches/3711.dpatch
new file mode 100755
index 0000000..c1babc0
--- /dev/null
+++ b/debian/patches/3711.dpatch
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 3711.dpatch by Francesco Paolo Lovergine <frankie at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' proftpd-dfsg~/src/main.c proftpd-dfsg/src/main.c
+--- proftpd-dfsg~/src/main.c	2011-11-11 12:23:30.000000000 +0100
++++ proftpd-dfsg/src/main.c	2011-11-11 12:39:53.000000000 +0100
+@@ -706,6 +706,10 @@
+       _dispatch(cmd, LOG_CMD_ERR, FALSE, NULL);
+ 
+       pr_response_flush(&resp_err_list);
++
++      /* Restore any previous pool to the Response API. */
++      pr_response_set_pool(resp_pool);
++
+       return success;
+     }
+ 
+@@ -761,6 +765,9 @@
+         break;
+ 
+       default:
++        /* Restore any previous pool to the Response API. */
++        pr_response_set_pool(resp_pool);
++
+         errno = EINVAL;
+         return -1;
+     }

-- 
ProFTPD core package

More information about the Pkg-proftpd-maintainers mailing list