Bug#697524: proftpd-basic: Apply upstream bugfix for upstream bug #3841 – Possible symlink race when applying UserOwner
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 7 21:35:26 UTC 2013
Control: retitle -1 proftpd-basic: CVE-2012-6095: Possible symlink race when applying UserOwner
Hi
On Sun, Jan 06, 2013 at 04:19:13PM +0100, Jann Horn wrote:
> Package: proftpd-basic
> Version: 1.3.4a-2+b1
> Severity: normal
> Tags: security
>
> There's a symlink race that could lead to root access in some configurations. See here:
> http://bugs.proftpd.org/show_bug.cgi?id=3841
>
> There's an upstream bugfix, so that should probably be backported.
A CVE was assigned to this issue: CVE-2012-6095. Please include this
CVE in changelog when fixing this issue.
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-proftpd-maintainers/attachments/20130107/5a60d518/attachment.pgp>
More information about the Pkg-proftpd-maintainers
mailing list