[SCM] proftpd-dfsg branch, master, updated. upstream/1.3.4_rc3-58-g218c891

Francesco Paolo Lovergine frankie at debian.org
Fri Nov 11 12:13:43 UTC 2011


The following commit has been merged in the master branch:
commit 218c891bd005249f8f1dfd0e7687f53d2f0564dc
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Fri Nov 11 13:13:22 2011 +0100

    Fixed #648373

diff --git a/debian/changelog b/debian/changelog
index dfc6b0e..1ac6806 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+proftpd-dfsg (1.3.4~rc3-3) unstable; urgency=high
+
+  * Added patch 3711 to manage CVE-2011-4130 (Response pool use-after-free
+    memory corruption error).
+    (closes: #648373)
+
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Fri, 11 Nov 2011 13:11:03 +0100
+
 proftpd-dfsg (1.3.4~rc3-2) unstable; urgency=low
 
   * Added libacl1-dev and libssl-dev to proftpd-dev dependencies, due to
diff --git a/debian/patches/3711 b/debian/patches/3711
new file mode 100644
index 0000000..45daafc
--- /dev/null
+++ b/debian/patches/3711
@@ -0,0 +1,24 @@
+Index: proftpd-dfsg/src/main.c
+===================================================================
+--- proftpd-dfsg.orig/src/main.c	2011-11-11 13:03:50.000000000 +0100
++++ proftpd-dfsg/src/main.c	2011-11-11 13:10:03.000000000 +0100
+@@ -651,6 +651,9 @@
+         cmd->argv[0]);
+       pr_response_flush(&resp_err_list);
+ 
++      /* Restore any previous pool to the Response API. */
++      pr_response_set_pool(resp_pool);
++
+       errno = xerrno;
+       return success;
+     }
+@@ -718,6 +721,9 @@
+         break;
+ 
+       default:
++        /* Restore any previous pool to the Response API. */
++        pr_response_set_pool(resp_pool);
++
+         errno = EINVAL;
+         return -1;
+     }
diff --git a/debian/patches/series b/debian/patches/series
index da36ad9..131f837 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ mod_cap
 odbc
 silent
 use_hypen_in_manpage
+3711

-- 
ProFTPD core package



More information about the Pkg-proftpd-maintainers mailing list