On 9/16/19 3:53 PM, Thomas Deutschmann wrote: > Source: pure-ftpd > Severity: grave > Justification: causes non-serious data loss > > Dear Maintainer, > > please consider disabling TLS 1.3 support. > > While you added TLS 1.3 compatibility through bug 918630, this uncovered > a grave bug in pure-ftpd, see https://github.com/jedisct1/pure-ftpd/issues/102 > or https://bugzilla.redhat.com/show_bug.cgi?id=1654838#c5 > > It's fixed in newer pure-ftpd versions. However, it's not easy to backport > because upstream refactored TLS code while fixing this bug. > > That's why I am requesting to disable TLS 1.3 to avoid data loss.
So this affects the package version 1.0.47-3 in stable + testing? And the problem is supposed to fixed in the latest version ... I will take a look. Regards Racke > > > -- System Information: > Debian Release: 9.9 > APT prefers stable > APT policy: (1001, 'stable'), (990, 'oldstable'), (500, 'oldstable-updates') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), > LANGUAGE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
signature.asc
Description: OpenPGP digital signature