[Bug 905252] Re: CVE-2011-4130 in lucid, maverick, natty

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 15 14:45:13 UTC 2012


proftpd-dfsg is supported by the community, so somebody needs to step up
and provide debdiffs to fix the issue.

If nobody is interested in doing the work, then there is no progress and
proftpd-dfsg will likely remain vulnerable.

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/905252

Title:
  CVE-2011-4130 in lucid, maverick, natty

Status in “proftpd-dfsg” package in Ubuntu:
  Fix Released
Status in “proftpd-dfsg” source package in Lucid:
  In Progress
Status in “proftpd-dfsg” source package in Maverick:
  In Progress
Status in “proftpd-dfsg” source package in Natty:
  In Progress
Status in “proftpd-dfsg” source package in Oneiric:
  In Progress
Status in “proftpd-dfsg” source package in Precise:
  Fix Released

Bug description:
  Description
  Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
  allows remote authenticated users to execute arbitrary code via vectors
  involving an error that occurs after an FTP data transfer.

  References
   - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
   - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
   - https://launchpad.net/bugs/cve/CVE-2011-4130
   - http://security-tracker.debian.net/tracker/CVE-2011-4130

  Affected:
   - Lucid
   - Maverick
   - Natty

  Oneiric is not affected because we have 1.3.4~rc2-4 in the archive
