-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u7 CVE ID : CVE-2020-9273
It was discovered that there was a regression in a previous fix for a use-after-free vulnerability in the proftpd-dfsg FTP server. Exploitation of the original vulnerability within the memory pool handling could have allowed a remote attacker to execute arbitrary code on the affected system. However, the fix that was released in proftpd-dfsg version 1.3.5e+r1.3.5-2+deb8u6 had a regression around the handling of log formatting. For more information, please see: https://github.com/proftpd/proftpd/issues/903 For Debian 8 "Jessie", this issue has been fixed in proftpd-dfsg version 1.3.5e+r1.3.5-2+deb8u7. We recommend that you upgrade your proftpd-dfsg packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5dT6MACgkQHpU+J9Qx Hlg12RAAxjvWQ2MCsU7DIIkVujp4pFA3gbXglaQtj7GPgnvOD7+E/CbIpS5h4ChQ elFscK6MNCWqeU0F0qbjmE0R55PDiCuTiLGgYHg+j3mPkFHsS31BJEQ+jXORIVPK pXcJWSYIpQhi3zwbeQMkeN/K4Cm+NI++iXNUCELVOMLBX4N1Wix+2zkERMb3pXsw ZODRIKRpi0NpMrP1xYxOxK1vVSMVbxu97SLT0DsyFPG7jmjcm7c/xlPyjR2mKnij KA1zNWE/rFQuuEacLVMI/B68I3hnRgGjt1oexmitxTU8AjqAsnt60wsHQcDR2NF+ olHglbca8V8jjs07gjnWEvE8zVvcFCUNXGsb4UYtrGSvL3unhI5ogi4Tp/jw/mfL ReFi4iLyW5GpqlE1BSAMEpATotlk+jSS0sUDuGVG0T1ybA9Sn64lF7wxUcr3IZw1 FK772xh+C76VjU7VmSTVDSXyO9OjJ13edh3ZCu5DFbVEpd1SBLYrkhdPH3pDoLj+ ApC6G4uOQ51iO/grMEmKkk4AEdMUCnr2o2CUYZg8iNGeAegEOkohr/p2m+x3Cn+8 v1BICuxjegq8XEz4/+mfKfLRnimHvgloEG2QfIANiREBEH4DQ8Wc3vG+fbo4KT7+ UdLudt2L4rLXaPLXq7aMX2oxdbBgrfqpYlE665boHGmkA06NYo4= =K8+l -----END PGP SIGNATURE-----