CVE-2023-48795 proftp* & Debian stable

Salvatore Bonaccorso carnil at debian.org
Tue Jan 9 21:38:00 GMT 2024


Hi Hilmar,

On Tue, Jan 09, 2024 at 10:24:15PM +0100, Preuße, Hilmar wrote:
> On 02.01.2024 09:54, Salvatore Bonaccorso wrote:
> > On Mon, Jan 01, 2024 at 10:24:10PM +0100, Hilmar Preuße wrote:
> 
> Hi Salvatore,
> 
> > > I've added the patch for CVE-2023-51713 to bookworm branch, this
> > > would be part of a potential 12u3 upload.
> > > 
> > > https://security-tracker.debian.org/tracker/CVE-2023-51713
> > 
> > Sounds good, thank you!
> > 
> Currently the proftp package tracker reports both issues as "low security"
> [1]:
> 
> - issue left for the package maintainer to handle: CVE-2023-51713
> - issue that should be fixed with the next stable update: CVE-2023-48795
> 
> So I'd upload the fix to stable-proposed updates to make sure we have it in
> the next point release. Does that sound OK?

Yes, that would be great if you can fix both CVEs along! The next point
releases are not yet settled, but are likely to be around 10th, 17th
of February.

Regards,
Salvatore



More information about the Pkg-proftpd-maintainers mailing list