On Thu, 25 Apr 2019 13:53:06 +0200 Ghislain Adnet <gad...@aqueos.com> wrote: > hi, > > We are still using the old package not protected from the vulnerability, > any idea when sftp on jessie will work again ? > Is there anything i can do to help it ? > > regards, > Ghislain.
Hello and thanks for your offer. Since I haven't heard back from the Debian maintainers of proftpd I decided to backport all memory leak and DoS fixes to the old 1.3.5 version in Jessie. I think it makes no sense to move forward to 1.3.6 because there is already another reported issue in #927270 which affects 1.3.6 and 1.3.5e. So in short even if I backport the latest upstream release to Jessie and Stretch there will be new bugs and problems depending on your setup. I have uploaded my new version for Jessie here: https://people.debian.org/~apo/proftpd/ I would really appreciate it if you could give these packages a try and report back if they work for you. To the best of my knowledge this should fix all reported memory leaks but without the regressions reported in this bug report. Regards, Markus
signature.asc
Description: OpenPGP digital signature
