Bug#952557: proftpd-dfsg: Followup fix for CVE-2020-9273

Salvatore Bonaccorso carnil at debian.org
Wed Mar 4 20:27:31 GMT 2020


Hi Hilmar,

On Wed, Mar 04, 2020 at 09:09:30PM +0100, Hilmar Preuße wrote:
> found -1 1.3.5b-4+deb9u3
> found -1 1.3.6-4+deb10u3
> 
> On 2/25/20 8:39 PM, Salvatore Bonaccorso wrote:
> 
> > As per https://github.com/proftpd/proftpd/issues/903 there was a
> > follow-up fix for upstream issue #903, CVE-2020-9273.
> > 
> Found in stable and oldstable too.

Actually not, because we never released a fix for #903 which was
incomplete. The update issued contained both commits needed.

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list