Since I am the "culprit" that reported the second bug (CVE-2009-0542), I can
confirm it affects Debian's proftpd packages in testing/unstable
repositories. That's because I discovered it on my Debian system.
My proftpd version is 1.3.1-16.
According to the ProFTPD team, the bug is fixed in 1.
Package: proftpd
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for proftpd.
CVE-2009-0543[0]:
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote
| attackers to bypass SQL injection protec