Hello,

* Hilmar Preuße <hill...@web.de> [210901 08:28]:
> On 28.08.2021 at 13:31, Chris Hofstaedtler wrote:
> > it has been found that proftpd's mod_radius leaks uninitialised memory
> > to the RADIUS server, as part of the encrypted User-Password.
> >
> > Upstream report: https://github.com/proftpd/proftpd/issues/1284
> > Patch: https://github.com/proftpd/proftpd/pull/1285/files
> >
> > Upstream fixed this in HEAD and version 1.3.7c.
> >
> > Please consider applying the patch to buster and bullseye. If need be I
> > can also look into supplying updated (source) packages.
> >
> I've pushed the patch to stable and oldstable branch. Further I've packaged
> the 1.3.7c for unstable and would upload soon.

Thanks a lot!

> - Do we need to have the fix in all 3 distributions?
> - Are you willing to test the fix before I upload?

I can easily test on oldstable (=buster), but not on bullseye.

Chris

(Also, I'll be away most of the remaining September weeks, so I could
only do that relatively soon.)