X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
On 28.08.2021 at 13:31, Chris Hofstaedtler wrote:

Hi all,

I've pushed the patch to stable and oldstable branch. Further I've packaged the 1.3.7c for unstable and would upload soon.

It has been found that proftpd's mod_radius leaks uninitialised memory to the RADIUS server, as part of the encrypted User-Password.

Upstream report: https://github.com/proftpd/proftpd/issues/1284
Patch: https://github.com/proftpd/proftpd/pull/1285/files

Upstream fixed this in HEAD and version 1.3.7c.

Please consider applying the patch to buster and bullseye. If need be I can also look into supplying updated (source) packages.

- Do we need to have the fix in all 3 distributions?
- Are you willing to test the fix before I upload?

Hilmar
--
sigfault
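Added illustration, not part of the original thread and not ProFTPD code: RFC 2865 section 5.2 pads the User-Password with NULs to a multiple of 16 octets before hiding it, so a RADIUS server that knows the shared secret can reveal the attribute and check whether a client's padding is clean. The shared secret, authenticator and "stale" buffer contents are constructed sample values, and the leaking client is simulated; how mod_radius filled its buffer is not shown in this thread.

```python
import hashlib

BLOCK = 16  # RFC 2865 section 5.2 works on 16-octet blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _check_len(data):
    if not data or len(data) % BLOCK or len(data) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")


def pad_zeroed(password):
    """Correct client behaviour: pad with NULs to a multiple of 16 octets."""
    size = max(BLOCK, -(-len(password) // BLOCK) * BLOCK)
    return password.ljust(size, b"\x00")


def hide_password(padded, secret, authenticator):
    """Client side: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    _check_len(padded)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        prev = _xor(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Server side: undo the hiding and return the padded plaintext."""
    _check_len(hidden)
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out


def pad_is_clean(padded):
    """True if every octet after the first NUL is also NUL."""
    end = padded.find(b"\x00")
    return end == -1 or not any(padded[end:])


# Constructed sample values (assumptions, not taken from the thread).
SECRET = b"constructed-shared-secret"
AUTH = bytes(range(16))
LEAKY = b"hunter2\x00" + b"stale-hp"  # simulated: buffer not zeroed past the NUL
```

A password that fills its last block exactly leaves no padding to inspect, so `pad_is_clean` can only flag a leak that follows a NUL terminator.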