Backport ProFTPd security fix
Jozef Sudolsky ELBIA s. r. o.
jozef.sudolsky at elbia.sk
Sat Sep 26 16:30:26 BST 2020
Hi guys,
ProFTPd 1.3.6, which is a part of Debian Buster, contains a bug which
causes client-initiated renegotiation for FTPS to be enabled by
default without a way of disabling it (=no workaround). There is
already a fix which will be part of the next 1.3.7b and 1.3.8 releases but
won't be backported to the 1.3.6 line. As client-initiated renegotiation
can be used for a DoS attack, I believe the fix should be backported to
Debian Buster.
More info here:
https://github.com/proftpd/proftpd/issues/1119
What do you think?
Have a nice day.
--
Best regards
Bc. Jozef Sudolsky
ELBIA, s. r. o.
Stoličková 870/4
974 01 Banská Bystrica
Company ID (IČO): 36 702 897
VAT ID (IČ DPH): SK2022300995
The company is registered in the Commercial Register kept by the District Court
in Banská Bystrica under file number 12334/S, section Sro.
Please consider the environment before printing this e-mail. Thanks.
More information about the Pkg-proftpd-maintainers
mailing list