[SECURITY] [DLA 2338-1] proftpd-dfsg security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2338-1] proftpd-dfsg security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 22 Aug 2020 19:42:46 +0200
Message-id: <[🔎] 12ed4caf-5faf-2d7a-552c-1802ef9aecb2@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2338-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
August 22, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
Version        : 1.3.5e+r1.3.5b-4+deb9u1
CVE ID         : not available	
Debian Bug     : 923926

Several memory leaks were discovered in proftpd-dfsg, a versatile,
virtual-hosting FTP daemon, when mod_facl or mod_sftp
is used which could lead to memory exhaustion and a denial-of-service.

The update also makes automatic upgrades of proftpd-dfsg from Debian 8
to Debian 9 possible again.

For Debian 9 stretch, this problem has been fixed in version
1.3.5e+r1.3.5b-4+deb9u1.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl9BWRZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeT9hQ/8CGEFs3OEHCP1o6IkgcVE3UFf9hZYl5czxD0vwoADrpASsCmmUozKKp4D
3SnkZ5/8jJiY1OFVHNhyfv7bzSn3BIo4pwuNCrBN1NV6ZgJoejrliMn3zuWx4SWz
gWSWk34dZkk0CwwlTkBVwTMHehuq+rlntW5eMgxuMzJTxpe5DzvR46RBoNdeuc73
xohTEmbz9BI8SbmYovTwMy0qZHrBEbK53aPlDNxv/gLEaXKpK87gQVrKXNJ0yN98
zm6q4gIviHHo6oR3v08fS/QbdgRXWhDOTcTSKoj9H00v4RV1h3GcjA6HMIildQMc
fXbkxHJznEd1YfNdWZgxWUqpuNAdxwSkfMQwByrK+NbExN+RSv0qgJEz1z9DOTi9
9/zUQkr9gRjV3YshnUw7vJju4RMzqY2NfPkX/8+r8yxnXDYXEoh89T/is0BW8ESV
UQfTz9xTMSh9B3CYJPh2WvfWoPOj4eLi3i/rleMDiXK2mOzcmivQ8lmK/Obh0C7n
6I5lNgRo4e1JMFWI2oBJdDLqj2brc464gxUjWtKdX/2VGML0h+DXg9vPKzKjo0Qx
2BUY43VKVon1gU46PV0hfsQ5pKomcx/szDUGlaiWbGj2Wr90wFPw58GaIjmxeBrU
Zu1bnkbFgkl52lHDIiE6oKyRzakGHKfV9yBJKLZ3tno9ClH/R+8=
=vDLP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2339-1] software-properties security update
Next by Date: [SECURITY] [DLA 2340-1] sqlite3 security update
Previous by thread: [SECURITY] [DLA 2339-1] software-properties security update
Next by thread: [SECURITY] [DLA 2340-1] sqlite3 security update
Index(es):
- Date
- Thread