Your message dated Fri, 11 Nov 2011 12:47:40 +0000
with message-id <e1roqwc-0000ws...@franck.debian.org>
and subject line Bug#648373: fixed in proftpd-dfsg 1.3.4~rc3-2
has caused the Debian Bug report #648373,
regarding [CVE-2011-4130] Use-after-free issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
648373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648373
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: proftpd-dfsg
Version: 1.3.3a-6squeeze1
Severity: grave
Tags: security
A use-after-free issue has been discovered in ProFTPd:
<http://bugs.proftpd.org/show_bug.cgi?id=3711>
It seems that squeeze is vulnerable, too. I haven't checked the code
in lenny yet.
--- End Message ---
--- Begin Message ---
Source: proftpd-dfsg
Source-Version: 1.3.4~rc3-2
We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive:
proftpd-basic_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-basic_1.3.4~rc3-2_i386.deb
proftpd-dev_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-dev_1.3.4~rc3-2_i386.deb
proftpd-dfsg_1.3.4~rc3-2.debian.tar.gz
  to main/p/proftpd-dfsg/proftpd-dfsg_1.3.4~rc3-2.debian.tar.gz
proftpd-dfsg_1.3.4~rc3-2.dsc
  to main/p/proftpd-dfsg/proftpd-dfsg_1.3.4~rc3-2.dsc
proftpd-doc_1.3.4~rc3-2_all.deb
  to main/p/proftpd-dfsg/proftpd-doc_1.3.4~rc3-2_all.deb
proftpd-mod-ldap_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.4~rc3-2_i386.deb
proftpd-mod-mysql_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.4~rc3-2_i386.deb
proftpd-mod-odbc_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-mod-odbc_1.3.4~rc3-2_i386.deb
proftpd-mod-pgsql_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.4~rc3-2_i386.deb
proftpd-mod-sqlite_1.3.4~rc3-2_i386.deb
  to main/p/proftpd-dfsg/proftpd-mod-sqlite_1.3.4~rc3-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 648...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francesco Paolo Lovergine <fran...@debian.org> (supplier of updated proftpd-dfsg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 11 Nov 2011 13:19:37 +0100
Source: proftpd-dfsg
Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite
Architecture: source i386 all
Version: 1.3.4~rc3-2
Distribution: unstable
Urgency: high
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@lists.alioth.debian.org>
Changed-By: Francesco Paolo Lovergine <fran...@debian.org>
Description:
 proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries
 proftpd-dev - Versatile, virtual-hosting FTP daemon - development files
 proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
 proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module
 proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module
 proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module
 proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module
 proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module
Closes: 648373
Changes:
 proftpd-dfsg (1.3.4~rc3-2) unstable; urgency=high
 .
   * Added libacl1-dev and libssl-dev to proftpd-dev dependencies, due to
     header files inclusion.
   * Added patch 3711 to manage CVE-2011-4130 (Response pool use-after-free
     memory corruption error).
     (closes: #648373)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk69FboACgkQpFNRmenyx0eKcQCfUlVNfUGbsCHR97H3y0IIs3RP
jakAoPR8x+GfzBNYKpyt3Rv3C4zv1+i2
=ZRzF
-----END PGP SIGNATURE-----
--- End Message ---