Bug#932453: CVE-2019-12815
Moritz Mühlenhoff
jmm at inutil.org
Mon Jul 22 22:47:22 BST 2019
On Sun, Jul 21, 2019 at 02:31:56PM -0300, Markus Koschany wrote:
> Hi,
>
> On Fri, 19 Jul 2019 20:35:19 +0200 =?UTF-8?Q?Hilmar_Preu=c3=9fe?=
> <hille42 at web.de> wrote:
> > On 19.07.19 17:41, Moritz Muehlenhoff wrote:
> >
> > Hi,
> >
> > > Please see:
> > > http://bugs.proftpd.org/show_bug.cgi?id=4372
> > > https://github.com/proftpd/proftpd/pull/816
> > >
> > The patch from upstream applies nicely to our master branch (and would
> > apply to the buster package too). I could upload the fix to Debian sid
> > right now. Will you care about stable and oldstable?
>
> I can take care of oldstable because I wanted to upload a new stretch-pu
> anyway. We can either choose to release the fix for CVE-2019-12815 via
> DSA separately and afterwards I merge it into the stretch-pu or we can
> do all at once. There are considerable changes to fix the previous
> memory leaks which would make the diff harder to review though.
Let's better untangle those.
Cheers,
Moritz
More information about the Pkg-proftpd-maintainers
mailing list