Processed: CVE-2026-42167: SQL injection possible via mod_sql because of is_escaped_text() logic
Debian Bug Tracking System
owner at bugs.debian.org
Mon Apr 27 23:01:02 BST 2026
Processing control commands:
> found -1 1.3.8+dfsg-4+deb12u4
Bug #1135119 [proftpd-core] CVE-2026-42167: SQL injection possible via mod_sql because of is_escaped_text() logic
Marked as found in versions proftpd-dfsg/1.3.8+dfsg-4+deb12u4.
> found -1 1.3.7a+dfsg-12+deb11u5
Bug #1135119 [proftpd-core] CVE-2026-42167: SQL injection possible via mod_sql because of is_escaped_text() logic
There is no source info for the package 'proftpd-core' at version '1.3.7a+dfsg-12+deb11u5' with architecture ''
Unable to make a source version for version '1.3.7a+dfsg-12+deb11u5'
Marked as found in versions 1.3.7a+dfsg-12+deb11u5.
--
1135119: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135119
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
More information about the Pkg-proftpd-maintainers
mailing list