DSA-1925-1

Name	DSA-1925-1
Source	Debian
Description	proftpd-dfsg - SSL certificate verification weakness
References	CVE-2009-3639
Debian/oldstable	package proftpd-dfsg is fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
proftpd-dfsg (PTS)	etch	1.3.0-19etch2	vulnerable
	etch (security)	1.3.0-19etch3	fixed
	lenny, lenny (security)	1.3.1-17lenny4	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
proftpd	etch	1.3.0-19etch2	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	1.3.0-19etch2	vulnerable	powerpc
	etch (security)	1.3.0-19etch3	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, s390, sparc
proftpd, proftpd-doc	lenny, lenny (security)	1.3.1-17lenny4	fixed	all
proftpd-basic, proftpd-mod-ldap, proftpd-mod-mysql, proftpd-mod-pgsql	lenny, lenny (security)	1.3.1-17lenny4	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
proftpd-doc, proftpd-ldap, proftpd-mysql, proftpd-pgsql	etch	1.3.0-19etch2	vulnerable	all
	etch (security)	1.3.0-19etch3	fixed	all

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
proftpd-dfsg	source	etch	1.3.0-19etch3	unknown
proftpd-dfsg	source	lenny	1.3.1-17lenny4	unknown

Home - Testing Security Team - Debian Security - Imprint