Package: proftpd-basic Version: 1.3.4a-2+b1 Severity: normal Tags: security
There's a symlink race that could lead to root access in some configurations. See here: http://bugs.proftpd.org/show_bug.cgi?id=3841 There's an upstream bugfix, so that should probably be backported. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.6.7 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages proftpd-basic depends on: ii adduser 3.113+nmu3 ii debconf 1.5.49 ii debianutils 4.3.2 ii libacl1 2.2.51-8 ii libc6 2.13-37 ii libcap2 1:2.22-1.2 ii libncurses5 5.9-10 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libpcre3 1:8.30-5 ii libssl1.0.0 1.0.1c-4 ii libtinfo5 5.9-10 ii libwrap0 7.6.q-24 ii netbase 5.0 ii sed 4.2.1-10 ii ucf 3.0025+nmu3 ii update-inetd 4.43 ii zlib1g 1:1.2.7.dfsg-13 proftpd-basic recommends no packages. Versions of packages proftpd-basic suggests: ii openbsd-inetd [inet-superserver] 0.20091229-2 ii openssl 1.0.1c-4 pn proftpd-doc <none> pn proftpd-mod-ldap <none> pn proftpd-mod-mysql <none> pn proftpd-mod-odbc <none> pn proftpd-mod-pgsql <none> pn proftpd-mod-sqlite <none> -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
