Bug#951800: CVE-2020-9273: buster affected

Hilmar Preusse hille42 at web.de
Fri Feb 21 21:07:42 GMT 2020


Package: proftpd-basic
Version: 1.3.6-4+deb10u3
Severity: important
Tags: upstream

This is to track CVE-2020-9273.

I'm not 100% sure if jessie is affected too. At least the
CVE does not report it.

Hilmar

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.4.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.118
ii  debianutils        4.9.1
ii  libacl1            2.2.53-5
ii  libc6              2.29-10
ii  libcap2            1:2.32-1
ii  libcrypt1          1:4.4.10-10
ii  libhiredis0.14     0.14.0-6
ii  libmemcached11     1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6       6.1+20191019-1
ii  libpam-runtime     1.3.1-5
ii  libpam0g           1.3.1-5
ii  libpcre3           2:8.39-12+b1
ii  libssl1.1          1.1.1d-2
ii  libtinfo6          6.1+20191019-1
ii  libwrap0           7.6.q-30
ii  lsb-base           11.1.0
ii  netbase            6.1
ii  sed                4.7-1
ii  ucf                3.0038+nmu1
ii  zlib1g             1:1.2.11.dfsg-1.2

Versions of packages proftpd-basic recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-basic suggests:
ii  openbsd-inetd [inet-superserver]  0.20160825-4+b1
ii  openssl                           1.1.1d-2
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>

-- debconf information:
* shared/proftpd/inetd_or_standalone: from inetd



More information about the Pkg-proftpd-maintainers mailing list