[Bug 905252] Re: CVE-2011-4130 in lucid, maverick, natty

Rolf Leggewie 905252 at bugs.launchpad.net
Wed Jun 17 11:27:37 UTC 2015


lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".

** Changed in: proftpd-dfsg (Ubuntu Lucid)
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/905252

Title:
  CVE-2011-4130 in lucid, maverick, natty

Status in proftpd-dfsg package in Ubuntu:
  Fix Released
Status in proftpd-dfsg source package in Lucid:
  Won't Fix
Status in proftpd-dfsg source package in Maverick:
  Won't Fix
Status in proftpd-dfsg source package in Natty:
  Won't Fix
Status in proftpd-dfsg source package in Oneiric:
  Won't Fix
Status in proftpd-dfsg source package in Precise:
  Fix Released

Bug description:
  Description
  Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
  allows remote authenticated users to execute arbitrary code via vectors
  involving an error that occurs after an FTP data transfer.

  References
   - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
   - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
   - https://launchpad.net/bugs/cve/CVE-2011-4130
   - http://security-tracker.debian.net/tracker/CVE-2011-4130

  Affected:
   - Lucid
   - Maverick
   - Natty

  Oneiric is not affected because we have 1.3.4~rc2-4 in the archive

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+subscriptions


