[Git][debian-proftpd-team/proftpd][1.3.5b] Add patch for #946345.
Hilmar Preuße
gitlab at salsa.debian.org
Sun Dec 8 16:00:10 GMT 2019
Hilmar Preuße pushed to branch 1.3.5b at Debian ProFTPD Team / proftpd
Commits:
74095e37 by Hilmar Preuße at 2019-12-08T16:00:05Z
Add patch for #946345.
- - - - -
3 changed files:
- debian/changelog
- debian/patches/series
- + debian/patches/upstream_861_CVE-2019-19269
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+proftpd-dfsg (1.3.5b-4+deb9u3) stretch-security; urgency=medium
+
+ * Cherry pick patch from upstream:
+ - for upstream 861 (CVE-2019-19269) (Closes: #946345)
+ upstream_pull_861_CVE-2019-19269
+
+ -- Hilmar Preusse <hille42 at web.de> Sun, 08 Dec 2019 16:52:34 +0100
+
proftpd-dfsg (1.3.5b-4+deb9u2) stretch-security; urgency=high
* Add patch from upstream to address CVE-2019-18217.
=====================================
debian/patches/series
=====================================
@@ -17,3 +17,4 @@ not_read_whole_passwd_db
CVE-2017-7418
proftpd-1.3.5e-CVE-2019-12815.patch
bug_846_CVE-2019-18217.patch
+upstream_861_CVE-2019-19269
=====================================
debian/patches/upstream_861_CVE-2019-19269
=====================================
@@ -0,0 +1,12 @@
+--- proftpd-dfsg.orig/contrib/mod_tls.c
++++ proftpd-dfsg/contrib/mod_tls.c
+@@ -5862,6 +5862,9 @@
+ ASN1_INTEGER *sn;
+
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
++ if (revoked == NULL) {
++ continue;
++ }
+ sn = revoked->serialNumber;
+
+ if (ASN1_INTEGER_cmp(sn, X509_get_serialNumber(xs)) == 0) {
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/commit/74095e378a604d3358621637773d576b52acef14
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/commit/74095e378a604d3358621637773d576b52acef14
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list