*** This bug is a duplicate of bug 674798 *** https://bugs.launchpad.net/bugs/674798
This bug was fixed in the package proftpd-dfsg - 1.3.2c-1ubuntu0.1 --------------- proftpd-dfsg (1.3.2c-1ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: Telnet IAC processing stack overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. (LP: #674646) - debian/patches/3521.patch: adjust src/netio.c to check buflen properly. - http://bugs.proftpd.org/attachment.cgi?id=3521 - CVE-2010-4221 * SECURITY UPDATE: Inappropriate directory traversal allowed by mod_site_misc. This vulnerability can be used to: - create a directory located outside the writable directory - delete a directory located outside the writable directory - create a symlink located outside the writable directory - change the time of a file located outside the writable directory. (LP: #674798) - debian/patches/CVE_2010_3867.dpatch: based on debian 3519.dpatch backported to v1.3.2 - http://bugs.proftpd.org/attachment.cgi?id=3519 - CVE-2010-3867 -- Neil Wilson <n...@aldur.co.uk> Sat, 13 Nov 2010 11:51:28 +0000 ** Changed in: proftpd-dfsg (Ubuntu) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4221 -- Telnet IAC processing stack overflow https://bugs.launchpad.net/bugs/674646 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs