Yeah, upstream releases rarely (2015 was the last) and while [1] is public the source [2] is behind some login it seems.
There also is a longer list of accrued bugs in Debian [3]. The particular issue reported here these days is fixed in [4][5][6] but I've not seen TLSv1.3 there. Maybe more of [7] is worth a check to be included and vsftpd worth of some attention. [1]: https://security.appspot.com/vsftpd.html [2]: https://security.appspot.com/vsftpd.html#docs [3]: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=vsftpd [4]: https://src.fedoraproject.org/rpms/vsftpd/blob/master/f/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch [5]: https://src.fedoraproject.org/rpms/vsftpd/blob/master/f/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch [6]: https://src.fedoraproject.org/rpms/vsftpd/blob/master/f/0043-Enable-only-TLSv1.2-by-default.patch [7]: https://src.fedoraproject.org/rpms/vsftpd/tree/master -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1804430 Title: Current vsftpd builds are still lacking ssl_tlsv1_[123] options To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1804430/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
