Bug#818492: proftpd-dfsg: CVE-2016-3125: usage of 1024 bit DH key even with manual parameters set

Salvatore Bonaccorso carnil at debian.org
Thu Mar 17 15:33:31 UTC 2016


Source: proftpd-dfsg
Version: 1.3.5a-1
Severity: important
Tags: security upstream fixed-upstream
Forwarded: http://bugs.proftpd.org/show_bug.cgi?id=4230

Hi,

the following vulnerability was published for proftpd-dfsg.

CVE-2016-3125[0]:
TLSDHParamFile directive ignored

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-3125
[1] http://bugs.proftpd.org/show_bug.cgi?id=4230

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list