[Bug 1647094] [NEW] segfault in xenial proftpd-dfsg 1.3.5a mod_sftp

Jason Short 1647094 at bugs.launchpad.net
Sat Dec 3 21:09:50 UTC 2016


Public bug reported:

We have observed segfaults in mod_sftp that appear to be triggered by
behavior in Ruby/Net::SSH as used by a software deployment service
"deploybot.com".

Per https://github.com/proftpd/proftpd/issues/305, and based on our
testing, the segfault is mitigated by this patch:
https://github.com/proftpd/proftpd/commit/b5c407771e8aaa41811199e595116bfe0f36afb9

Our rebuilt proftpd-basic package has been running without segfaults
during connections from this client.

** Affects: proftpd-dfsg (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "https://github.com/proftpd/proftpd/commit/b5c407771e8aaa41811199e595116bfe0f36afb9"
   https://bugs.launchpad.net/bugs/1647094/+attachment/4787080/+files/b5c407771e8aaa41811199e595116bfe0f36afb9.patch.txt

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1647094

Title:
  segfault in xenial proftpd-dfsg 1.3.5a mod_sftp

Status in proftpd-dfsg package in Ubuntu:
  New

Bug description:
  We have observed segfaults in mod_sftp that appear to be triggered by
  behavior in Ruby/Net::SSH as used by a software deployment service
  "deploybot.com".

  Per https://github.com/proftpd/proftpd/issues/305, and based on our
  testing, the segfault is mitigated by this patch:
  https://github.com/proftpd/proftpd/commit/b5c407771e8aaa41811199e595116bfe0f36afb9

  Our rebuilt proftpd-basic package has been running without segfaults
  during connections from this client.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1647094/+subscriptions



More information about the Pkg-proftpd-maintainers mailing list