Bug#648373: [CVE-2011-4130] Use-after-free issue
Francesco P. Lovergine
frankie at debian.org
Fri Nov 11 11:54:58 UTC 2011
tag 648373 + pending
tag 648373 + patch
thanks
On Thu, Nov 10, 2011 at 09:31:17PM +0100, Florian Weimer wrote:
> Package: proftpd-dfsg
> Version: 1.3.3a-6squeeze1
> Severity: grave
> Tags: security
>
> A use-after-free issue has been discovered in ProFTPd:
>
> <http://bugs.proftpd.org/show_bug.cgi?id=3711>
>
> It seems that squeeze is vulnerable, too. I haven't checked the code
> in lenny yet.
>
I have 1.3.3a-6squeeze3 ready for squeeze with the required fix.
Waiting for a secteam go signal, just in case.
--
Francesco P. Lovergine
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 3711.dpatch by Francesco Paolo Lovergine <frankie at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' proftpd-dfsg~/src/main.c proftpd-dfsg/src/main.c
--- proftpd-dfsg~/src/main.c 2011-11-11 12:23:30.000000000 +0100
+++ proftpd-dfsg/src/main.c 2011-11-11 12:39:53.000000000 +0100
@@ -706,6 +706,10 @@
_dispatch(cmd, LOG_CMD_ERR, FALSE, NULL);
pr_response_flush(&resp_err_list);
+
+ /* Restore any previous pool to the Response API. */
+ pr_response_set_pool(resp_pool);
+
return success;
}
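Review bot: resp_pool is passed to pr_response_set_pool() just before `return success;`, but neither hunk of this patch declares that variable or assigns it a value. Unless the unpatched function already saves the Response API's previous pool into resp_pool before dispatching, a further hunk is needed that does so; otherwise this call either fails to compile or restores a pool that was never captured. The dpatch header also still reads "## DP: No description."; a line naming Bug#648373 / CVE-2011-4130 would document why the restore is there.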
@@ -761,6 +765,9 @@
break;
default:
+ /* Restore any previous pool to the Response API. */
+ pr_response_set_pool(resp_pool);
+
errno = EINVAL;
return -1;
}
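Review bot: the restore added under `default:` covers only this early `return -1`; the cases above it end in `break;` and leave through whatever follows the switch, which this patch does not touch. Confirm that exit also calls pr_response_set_pool(resp_pool), or move the restore to a single common exit so that a return added later cannot skip it and leave the Response API with a stale pool, which is the use-after-free this bug is about.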