Source: pure-ftpd Severity: grave Justification: causes non-serious data loss
Dear Maintainer, please consider disabling TLS 1.3 support. While you added TLS 1.3 compatibility through bug 918630, this uncovered a grave bug in pure-ftpd, see https://github.com/jedisct1/pure-ftpd/issues/102 or https://bugzilla.redhat.com/show_bug.cgi?id=1654838#c5 It's fixed in newer pure-ftpd versions. However, it's not easy to backport because upstream refactored TLS code while fixing this bug. That's why I am requesting to disable TLS 1.3 to avoid data loss. -- System Information: Debian Release: 9.9 APT prefers stable APT policy: (1001, 'stable'), (990, 'oldstable'), (500, 'oldstable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
