This bug was fixed in the package proftpd-dfsg - 1.3.4a-1ubuntu0.1 --------------- proftpd-dfsg (1.3.4a-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: The mod_copy module in ProFTPD 1.3.4a allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. (LP: #1462311) - debian/patches/CVE-2015-3306.patch: adjust contrib/mod_copy.c to check authentication status. Based on upstream patch. - CVE-2015-3306 -- Brian Morton <bmor...@dvidshub.net> Sat, 4 Dec 2016 15:16:02 -0500 ** Changed in: proftpd-dfsg (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: proftpd-dfsg (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs