[Bug 1647094] Re: segfault in xenial proftpd-dfsg 1.3.5a mod_sftp

Launchpad Bug Tracker 1647094 at bugs.launchpad.net
Mon Jun 26 08:31:47 UTC 2017 

This bug was fixed in the package proftpd-dfsg - 1.3.5d-1

---------------
proftpd-dfsg (1.3.5d-1) unstable; urgency=medium

  [ Hilmar Preuße ]
  * Init script (rarely) fails in detecting pid file (Closes: #756637)
  * Fix dep of proftpd-dev (libssl-dev -> libssl1.0-dev)
    (Closes: #848124)
  * Remove shlib-calls-exit from lintian overrides (warning is gone)
  * Reformat debian/*NEWS files (kills syntax-error-in-debian-news-file,
    removed lintian override).
  * Clean proftpd-basic.dirs a little bit. Kill proftpd-dev.dirs.
  * Tighten B-D version of debhelper (dh_update_autotools_config was
    introduced).
  * Patch github_305_handling_unclosed_files
    When handling unclosed files for an aborted SFTP session, we will
    need a valid response pool.  So provide one.  The lack of this may have
    been causing some segfaults. (LP: #1647094)
  * Patch bug_4277_deb_823409
    Upstream identified another Memleak, occurring when /uploading/ large
    files; affects only 1.3.5 line. Patch hopefully (Closes: #823409).

  [ Francesco Paolo Lovergine ]
  * New upstream release. (Closes: #854369)
    * Patchset updated to remove already included patches.
    * Build w/ OpenSSL 1.1. Do it (Closes: #828513)
  * Makes piuparts happy by removing /srv/ftp on purge 
  * Removed debconf support and added a proftpd-basic.NEWS entry to warn about
    that. (Closes: #820984)

 -- Francesco Paolo Lovergine <frankie at debian.org>  Thu, 26 Jan 2017
13:23:53 +0100

** Changed in: proftpd-dfsg (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1647094

Title:
  segfault in xenial proftpd-dfsg 1.3.5a mod_sftp

Status in proftpd-dfsg package in Ubuntu:
  Fix Released

Bug description:
  We have observed segfaults in mod_sftp that appear to be triggered by
  behavior in Ruby/Net::SSH as used by a software deployment service
  "deploybot.com".

  Per https://github.com/proftpd/proftpd/issues/305, and based on our
  testing, the segfault is mitigated by this patch:
  https://github.com/proftpd/proftpd/commit/b5c407771e8aaa41811199e595116bfe0f36afb9

  Our rebuilt proftpd-basic package has been running without segfaults
  during connections from this client.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1647094/+subscriptions

More information about the Pkg-proftpd-maintainers mailing list