Bug#648373: [CVE-2011-4130] Use-after-free issue
Florian Weimer
fw at deneb.enyo.de
Fri Nov 11 18:56:02 UTC 2011
* Francesco P. Lovergine:
>> A use-after-free issue has been discovered in ProFTPd:
>>
>> <http://bugs.proftpd.org/show_bug.cgi?id=3711>
>>
>> It seems that squeeze is vulnerable, too. I haven't checked the code
>> in lenny yet.
> I have 1.3.3a-6squeeze3 ready for squeeze with the required fix.
> Waiting for a secteam go signal, just in case.
Thanks. I trust that the call is at the right place, I find the code
somewhat confusing.
Please upload with the usual caveats (1.3.3a-6squeeze2 as version
number, squeeze-security suite, host security-master).
More information about the Pkg-proftpd-maintainers
mailing list