Bug#782781: No security fix yet
Salvatore Bonaccorso
carnil at debian.org
Tue May 19 15:51:35 UTC 2015
Hi Mario,
On Tue, May 19, 2015 at 08:33:08AM +0200, Mario Lipinski wrote:
> Dear proftpd maintainers,
>
> following a recent press release [1], exploits [2] for this bug [3] exist
> and the bug seems to be unfixed in the currently supported oldstable and
> stable releases [4]. What about considering a security release or updating
> the security-tracker information?
>
> [1] http://www.heise.de/newsticker/meldung/Angreifer-nutzen-kritische-Luecke-in-ProFTPD-aus-2652114.html
> (German)
> [2] https://github.com/nootropics/propane
> [3] http://bugs.proftpd.org/show_bug.cgi?id=4169
> [4] https://security-tracker.debian.org/tracker/CVE-2015-3306
The information on the security tracker is indeed right. An update for
proftpd-dfsg for wheezy-security and jessie-security is in the works
and should be out hopefully soon.
HTH and Regards,
Salvatore
More information about the Pkg-proftpd-maintainers
mailing list