Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits: d691cbad by Roberto C. Sánchez at 2020-02-27T17:14:35-05:00 update notes on CVE-2020-9274/pure-ftpd - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -362,6 +362,8 @@ CVE-2020-9275 CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) - pure-ftpd 1.0.49-4 (bug #952666) NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa + NOTE: though the CVE description does not specifically say, the issue seems to be a heap out-of-bounds read + NOTE: probably not the end of the world, but it is made worse by use of the rather unsafe strcmp() instead of strncmp() in the vulnerable functions CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) {DSA-4635-1 DLA-2115-1} - proftpd-dfsg 1.3.6c-1 (bug #951800) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d691cbade58a84e3f21ac01363145eac315275b1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d691cbade58a84e3f21ac01363145eac315275b1 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits