Bug#777214: proftpd-basic: HTTPS/FTPS protocol confusion leads to XSS
Jörg Ludwig
joerg.ludwig at iserv.eu
Fri Feb 6 11:05:55 UTC 2015
Package: proftpd-basic
Version: 1.3.4a-5+iserv1
Severity: important
Dear Maintainer,
there is a security problem in every Debian package of proftpd which was
fixed upstream on 2014-12-15:
http://bugs.proftpd.org/show_bug.cgi?id=4143
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.14-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages proftpd-basic depends on:
ii adduser 3.113+nmu3
ii debconf 1.5.49
ii debianutils 4.3.2
ii libacl1 2.2.51-8
ii libc6 2.13-38+deb7u7
ii libcap2 1:2.22-1.2
ii libncursesw5 5.9-10
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libpcre3 1:8.30-5
ii libssl1.0.0 1.0.1e-2+deb7u14
ii libtinfo5 5.9-10
ii libwrap0 7.6.q-24
ii netbase 5.0
ii sed 4.2.1-10
ii ucf 3.0025+nmu3
ii update-inetd 4.43
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages proftpd-basic recommends:
pn proftpd-mod-vroot <none>
Versions of packages proftpd-basic suggests:
pn openbsd-inetd | inet-superserver <none>
ii openssl 1.0.1e-2+deb7u14
pn proftpd-doc <none>
pn proftpd-mod-ldap <none>
pn proftpd-mod-mysql <none>
pn proftpd-mod-odbc <none>
pn proftpd-mod-pgsql <none>
pn proftpd-mod-sqlite <none>
-- debconf information excluded
--
Kind regards,
Jörg Ludwig
IServ GmbH
Bültenweg 73
38106 Braunschweig
Phone: 0531-2243666-0
Fax: 0531-2243666-9
Mobile: 0179-9101055
E-mail: joerg.ludwig at iserv.eu
Internet: www.iserv.eu
VAT ID No.: DE265149425