Bug#782781: No security fix yet
Dear proftpd maintainers, following a recent press release [1], exploits [2] for this bug [3] exist and the bug seems to be unfixed in the currently supported oldstable and stable releases [4]. What about considering a security release or updating the security-tracker information? [1] http://www.heise.de/newsticker/meldung/Angreifer-nutzen-kritische-Luecke-in-ProFTPD-aus-2652114.html (German) [2] https://github.com/nootropics/propane [3] http://bugs.proftpd.org/show_bug.cgi?id=4169 [4] https://security-tracker.debian.org/tracker/CVE-2015-3306 -- Mit freundlichen Grüßen, Mario Lipinski IServ GmbH Bültenweg 73 38106 Braunschweig Telefon: 0531-2243666-0 Fax: 0531-2243666-9 E-Mail:i...@iserv.eu Internet: iserv.eu USt-IdNr. DE265149425 | Amtsgericht Braunschweig | HRB 201822 Geschäftsführer: Benjamin Heindl, Jörg Ludwig -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#782781: No security fix yet
Hi Mario, On Tue, May 19, 2015 at 08:33:08AM +0200, Mario Lipinski wrote: Dear proftpd maintainers, following a recent press release [1], exploits [2] for this bug [3] exist and the bug seems to be unfixed in the currently supported oldstable and stable releases [4]. What about considering a security release or updating the security-tracker information? [1] http://www.heise.de/newsticker/meldung/Angreifer-nutzen-kritische-Luecke-in-ProFTPD-aus-2652114.html (German) [2] https://github.com/nootropics/propane [3] http://bugs.proftpd.org/show_bug.cgi?id=4169 [4] https://security-tracker.debian.org/tracker/CVE-2015-3306 The information on the security tracker is indeed right. An update for proftpd-dfsg for wheezy-security and jessie-security is in the works and should be out hopefully soon. HTH and Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org