[SCM] proftpd-dfsg branch, master, updated. upstream/1.3.4_rc3-58-g218c891
Francesco Paolo Lovergine
frankie at debian.org
Fri Nov 11 12:13:43 UTC 2011
The following commit has been merged in the master branch:
commit 218c891bd005249f8f1dfd0e7687f53d2f0564dc
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date: Fri Nov 11 13:13:22 2011 +0100
Fixed #648373
diff --git a/debian/changelog b/debian/changelog
index dfc6b0e..1ac6806 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+proftpd-dfsg (1.3.4~rc3-3) unstable; urgency=high
+
+ * Added patch 3711 to manage CVE-2011-4130 (Response pool use-after-free
+ memory corruption error).
+ (closes: #648373)
+
+ -- Francesco Paolo Lovergine <frankie at debian.org> Fri, 11 Nov 2011 13:11:03 +0100
+
proftpd-dfsg (1.3.4~rc3-2) unstable; urgency=low
* Added libacl1-dev and libssl-dev to proftpd-dev dependencies, due to
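Review bot: the new 1.3.4~rc3-3 entry identifies the fix only as "patch 3711", which does not tell a reader what 3711 refers to or where the patch was taken from. Since this is an urgency=high upload for CVE-2011-4130, the entry would be easier to audit if it named the file touched (src/main.c, per the patch added in this commit) and the origin of the change.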
diff --git a/debian/patches/3711 b/debian/patches/3711
new file mode 100644
index 0000000..45daafc
--- /dev/null
+++ b/debian/patches/3711
@@ -0,0 +1,24 @@
+Index: proftpd-dfsg/src/main.c
+===================================================================
+--- proftpd-dfsg.orig/src/main.c 2011-11-11 13:03:50.000000000 +0100
++++ proftpd-dfsg/src/main.c 2011-11-11 13:10:03.000000000 +0100
+@@ -651,6 +651,9 @@
+ cmd->argv[0]);
+ pr_response_flush(&resp_err_list);
+
++ /* Restore any previous pool to the Response API. */
++ pr_response_set_pool(resp_pool);
++
+ errno = xerrno;
+ return success;
+ }
+@@ -718,6 +721,9 @@
+ break;
+
+ default:
++ /* Restore any previous pool to the Response API. */
++ pr_response_set_pool(resp_pool);
++
+ errno = EINVAL;
+ return -1;
+ }
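Review bot: both added pr_response_set_pool(resp_pool) calls depend on resp_pool holding the pool that was active before this code switched it, and neither inner hunk (at lines 651 and 718 of src/main.c) shows where resp_pool is declared or saved. Please confirm that it is captured before the Response API pool is changed, and that every other return path in these functions restores it as well. Only the exit after pr_response_flush(&resp_err_list) and the default: case are covered here, and any path that returns without restoring would leave the Response API pointing at a pool that may already be destroyed, which is the use-after-free this patch is meant to close. Separately, debian/patches/3711 starts directly at the Index: line with no description header. A short header stating the CVE id, the Debian bug (#648373) and the patch origin would keep that context with the patch itself.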
diff --git a/debian/patches/series b/debian/patches/series
index da36ad9..131f837 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ mod_cap
odbc
silent
use_hypen_in_manpage
+3711
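Review bot: the new series entry is a bare number, while the neighbouring entries (odbc, silent, use_hypen_in_manpage) describe what they change. A name that carries the CVE id, for example one built around CVE-2011-4130, would make the security fix easy to find when the series is later rebased or audited.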
--
ProFTPD core package