Bug#777214: proftpd-basic: HTTPS/FTPS protocol confusion leads to XSS

Jörg Ludwig joerg.ludwig at iserv.eu
Fri Feb 6 11:05:55 UTC 2015


Package: proftpd-basic
Version: 1.3.4a-5+iserv1
Severity: important

Dear Maintainer,

There is a security problem in every Debian package of proftpd which was
fixed upstream on 2014-12-15:
http://bugs.proftpd.org/show_bug.cgi?id=4143


-- System Information:
Debian Release: 7.8
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.14-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages proftpd-basic depends on:
ii  adduser         3.113+nmu3
ii  debconf         1.5.49
ii  debianutils     4.3.2
ii  libacl1         2.2.51-8
ii  libc6           2.13-38+deb7u7
ii  libcap2         1:2.22-1.2
ii  libncursesw5    5.9-10
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1
ii  libpcre3        1:8.30-5
ii  libssl1.0.0     1.0.1e-2+deb7u14
ii  libtinfo5       5.9-10
ii  libwrap0        7.6.q-24
ii  netbase         5.0
ii  sed             4.2.1-10
ii  ucf             3.0025+nmu3
ii  update-inetd    4.43
ii  zlib1g          1:1.2.7.dfsg-13

Versions of packages proftpd-basic recommends:
pn  proftpd-mod-vroot  <none>

Versions of packages proftpd-basic suggests:
pn  openbsd-inetd | inet-superserver  <none>
ii  openssl                           1.0.1e-2+deb7u14
pn  proftpd-doc                       <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-sqlite                <none>

-- debconf information excluded

-- 
Kind regards,

Jörg Ludwig

IServ GmbH
Bültenweg 73
38106 Braunschweig

Phone:       0531-2243666-0
Fax:         0531-2243666-9
Mobile:      0179-9101055
Email:       joerg.ludwig at iserv.eu
Website:     www.iserv.eu
VAT ID:      DE265149425



More information about the Pkg-proftpd-maintainers mailing list