[Bug 905252] Re: CVE-2011-4130 in lucid, maverick, natty

Mahyuddin Susanto udienz at gmail.com
Wed Nov 21 17:47:45 UTC 2012


** Changed in: proftpd-dfsg (Ubuntu Maverick)
     Assignee: Mahyuddin Susanto (udienz) => (unassigned)

** Changed in: proftpd-dfsg (Ubuntu Natty)
     Assignee: Mahyuddin Susanto (udienz) => (unassigned)

** Changed in: proftpd-dfsg (Ubuntu Oneiric)
     Assignee: Mahyuddin Susanto (udienz) => (unassigned)

** Changed in: proftpd-dfsg (Ubuntu Lucid)
     Assignee: Mahyuddin Susanto (udienz) => (unassigned)

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/905252

Title:
  CVE-2011-4130 in lucid, maverick, natty

Status in “proftpd-dfsg” package in Ubuntu:
  Fix Released
Status in “proftpd-dfsg” source package in Lucid:
  In Progress
Status in “proftpd-dfsg” source package in Maverick:
  Won't Fix
Status in “proftpd-dfsg” source package in Natty:
  Won't Fix
Status in “proftpd-dfsg” source package in Oneiric:
  In Progress
Status in “proftpd-dfsg” source package in Precise:
  Fix Released

Bug description:
  Description
  Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
  allows remote authenticated users to execute arbitrary code via vectors
  involving an error that occurs after an FTP data transfer.

  References
   - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
   - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
   - https://launchpad.net/bugs/cve/CVE-2011-4130
   - http://security-tracker.debian.net/tracker/CVE-2011-4130

  Effected:
   - Lucid
   - Maverick
   - Natty

  Oneiric not effected because we have 1.3.4~rc2-4 on archive

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+subscriptions



More information about the Pkg-proftpd-maintainers mailing list