Bug#992920: Bug#993173: proftpd-basic: mod_radius leaks memory contents to radius server

Adam D. Barratt adam at adam-barratt.org.uk
Sat Sep 18 23:03:02 BST 2021


Hi,

On Sat, 2021-09-18 at 18:41 +0200, Hilmar Preuße wrote:
> Am 18.09.2021 um 12:01 teilte Salvatore Bonaccorso mit:
> > On Sat, Sep 18, 2021 at 11:09:18AM +0200, Chris Hofstaedtler wrote:
> > > * Chris Hofstaedtler <zeha at debian.org> [210904 13:27]:
> > > > * Hilmar Preuße <hille42 at web.de> [210903 10:42]:
> 
> Hi,
> 
> > > > > Try here: https://freeshell.de/hille42/993173/
> > > > 
> > > > I have tried these packages out (on buster, obviously), and can
> > > > confirm they work as expected. Also together with proftpd-mod-
> > > > vroot.
> > > 
> > > Do you think this could make it into the next stable point
> > > release?
> > 
> > I think the issue can go in via a point release indeed. The
> > planning
> > has been announced as
> > https://lists.debian.org/debian-live/2021/09/msg00026.html and
> > https://lists.debian.org/debian-live/2021/09/msg00027.html FWIW.
> > 
> I'll try to upload ASAP.
> 

I see that uploads for both of these bugs have landed in the stable-new 
queues for both buster and bullseye.

However, neither appears to be fixed in unstable yet. Is that correct?
If so, please resolve the issues in unstable first, as that is a basic
prerequisite for fixing them in (old)stable. If the issues are in fact
fixed in unstable, please make this clearer by adding appropriate fixed
versions to the bugs.

It also doesn't look like a release.debian.org p-u request has yet been
filed for either of the uploads. Assuming I haven't simply missed them,
please do file the bugs, preferably using "reportbug
release.debian.org" and following the prompts.

Thanks,

Adam



More information about the Pkg-proftpd-maintainers mailing list