Format: 1.8 Date: Sat, 13 Nov 2010 11:51:28 +0000 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: powerpc powerpc_translations Version: 1.3.2c-1ubuntu0.1 Distribution: lucid Urgency: low Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Neil Wilson Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Launchpad-Bugs-Fixed: 674646 674798 Changes: proftpd-dfsg (1.3.2c-1ubuntu0.1) lucid-security; urgency=low . * SECURITY UPDATE: Telnet IAC processing stack overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. (LP: #674646) - debian/patches/3521.patch: adjust src/netio.c to check buflen properly. - http://bugs.proftpd.org/attachment.cgi?id=3521 - CVE-2010-4221 * SECURITY UPDATE: Inappropriate directory traversal allowed by mod_site_misc. This vulnerability can be used to: - create a directory located outside the writable directory - delete a directory located outside the writable directory - create a symlink located outside the writable directory - change the time of a file located outside the writable directory. (LP: #674798) - debian/patches/CVE_2010_3867.dpatch: based on debian 3519.dpatch backported to v1.3.2 - http://bugs.proftpd.org/attachment.cgi?id=3519 - CVE-2010-3867 Checksums-Sha1: 8494b7cb1d31462f3d2ac254d1cc494a05063c9f 912696 proftpd-basic_1.3.2c-1ubuntu0.1_powerpc.deb 30938724a1725ab2f8809b2408de49dd11a44a78 650088 proftpd-dev_1.3.2c-1ubuntu0.1_powerpc.deb 03d166c81c8484b2b759b26996bc0582e922dcc5 304836 proftpd-mod-mysql_1.3.2c-1ubuntu0.1_powerpc.deb 200ee8b8db54b1b5d3cfb7f69f47c922b8de7b97 304764 proftpd-mod-pgsql_1.3.2c-1ubuntu0.1_powerpc.deb 9f82754e9016588f00e884fe45c6a17182432105 314412 proftpd-mod-ldap_1.3.2c-1ubuntu0.1_powerpc.deb 9934298a9f90d68446068f0f9a948b2c4e15a7dd 307256 proftpd-mod-odbc_1.3.2c-1ubuntu0.1_powerpc.deb 7865a8726b54e7eecc55157cff5309497e294e6c 304356 proftpd-mod-sqlite_1.3.2c-1ubuntu0.1_powerpc.deb 61d7027092339aa06b16b86e2439bd94d5e148ff 77663 proftpd-dfsg_1.3.2c-1ubuntu0.1_powerpc_translations.tar.gz Checksums-Sha256: 99d557564ab4e59d7c1da0de0f158c3bc2dba5c7af3501efb92714589985b0ea 912696 proftpd-basic_1.3.2c-1ubuntu0.1_powerpc.deb 1e3e3e717ee5469e007d1b7bfaa39bb951c89f9ddc3aaf775c5672ed1c80abeb 650088 proftpd-dev_1.3.2c-1ubuntu0.1_powerpc.deb 03906ef20e41ebec803381b19024c4b85dbd3e76d58f7583b36d087d91ff1eaa 304836 proftpd-mod-mysql_1.3.2c-1ubuntu0.1_powerpc.deb b98f13f31cd4ab9816899fcd59a0f68bb09a9fed120a5905d32daf71c9f94172 304764 proftpd-mod-pgsql_1.3.2c-1ubuntu0.1_powerpc.deb d2c3d6daeee117bb7f81acb8b7a70e7c0d7c68c0632744f8c172fcb8999a5cad 314412 proftpd-mod-ldap_1.3.2c-1ubuntu0.1_powerpc.deb 033d15fa42eccd63dc614206e137c19aab03e09c032ec7bfc38e6b16e6552bfe 307256 proftpd-mod-odbc_1.3.2c-1ubuntu0.1_powerpc.deb 6ffc60ab4cf11743174dcaf96e998c09cdd7bdf13b8c45e3d45b58733ebaade2 304356 proftpd-mod-sqlite_1.3.2c-1ubuntu0.1_powerpc.deb 9ec55b300dac0bbb5539060f17652c5c8a0fea85cf85b88ebc44d648e981e3a7 77663 proftpd-dfsg_1.3.2c-1ubuntu0.1_powerpc_translations.tar.gz Files: 36c45fe93da689b218a611d658a450db 912696 net optional proftpd-basic_1.3.2c-1ubuntu0.1_powerpc.deb 18c8a077a585aa5b2a647feb8ac847a9 650088 net optional proftpd-dev_1.3.2c-1ubuntu0.1_powerpc.deb dcfc8f65633d5cb22b00f9b301dd5f24 304836 net optional proftpd-mod-mysql_1.3.2c-1ubuntu0.1_powerpc.deb fab0aac243ff33c17f6a89044235694c 304764 net optional proftpd-mod-pgsql_1.3.2c-1ubuntu0.1_powerpc.deb 9ae5140bfb59259cab037de713433fca 314412 net optional proftpd-mod-ldap_1.3.2c-1ubuntu0.1_powerpc.deb 1dd8316bbf3b51c077dd1134ad82de8a 307256 net optional proftpd-mod-odbc_1.3.2c-1ubuntu0.1_powerpc.deb d82f9ef4590762f6ace72bf2f90128b9 304356 net optional proftpd-mod-sqlite_1.3.2c-1ubuntu0.1_powerpc.deb 618dccbb24f4fc4e8c0663217dda4ab2 77663 raw-translations - proftpd-dfsg_1.3.2c-1ubuntu0.1_powerpc_translations.tar.gz Original-Maintainer: Francesco Paolo Lovergine