tag 648373 + pending tag 648373 + patch thanks On Thu, Nov 10, 2011 at 09:31:17PM +0100, Florian Weimer wrote: > Package: proftpd-dfsg > Version: 1.3.3a-6squeeze1 > Severity: grave > Tags: security > > A use-after-free issue has been discovered in ProFTPd: > > <http://bugs.proftpd.org/show_bug.cgi?id=3711> > > It seems that squeeze is vulnerable, too. I haven't checked the code > in lenny yet. >
I have 1.3.3a-6squeeze3 ready for squeeze with the required fix. Waiting for a secteam go signal, just in case. -- Francesco P. Lovergine
#! /bin/sh /usr/share/dpatch/dpatch-run
## 3711.dpatch by Francesco Paolo Lovergine <fran...@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch'
'--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' proftpd-dfsg~/src/main.c
proftpd-dfsg/src/main.c
--- proftpd-dfsg~/src/main.c 2011-11-11 12:23:30.000000000 +0100
+++ proftpd-dfsg/src/main.c 2011-11-11 12:39:53.000000000 +0100
@@ -706,6 +706,10 @@
_dispatch(cmd, LOG_CMD_ERR, FALSE, NULL);
pr_response_flush(&resp_err_list);
+
+ /* Restore any previous pool to the Response API. */
+ pr_response_set_pool(resp_pool);
+
return success;
}
@@ -761,6 +765,9 @@
break;
default:
+ /* Restore any previous pool to the Response API. */
+ pr_response_set_pool(resp_pool);
+
errno = EINVAL;
return -1;
}
signature.asc
Description: Digital signature
