Information on source package proftpd-dfsg

Available versions

ReleaseVersion
jessie1.3.5-1.1+deb8u2
jessie (security)1.3.5e+r1.3.5-2+deb8u4
stretch1.3.5b-4+deb9u1
stretch (security)1.3.5b-4+deb9u2
buster (security)1.3.6-4+deb10u2
bullseye1.3.6b-1
sid1.3.6b-1

Open issues

BugjessiestretchbusterbullseyesidDescription
TEMP-0923926-B85BA9fixedvulnerable (no DSA)fixedfixedfixedhigh memory usage with some long running sessions

Resolved issues

BugDescription
TEMP-0000000-3815A2Avoid unbounded SFTP extended attribute key/values
CVE-2019-18217ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...
CVE-2019-12815An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...
CVE-2017-7418ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the h ...
CVE-2016-3125The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 ...
CVE-2015-3306The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read a ...
CVE-2013-4359Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...
CVE-2012-6095ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows lo ...
CVE-2011-4130Use-after-free vulnerability in the Response API in ProFTPD before 1.3 ...
CVE-2011-1137Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d a ...
CVE-2010-4652Heap-based buffer overflow in the sql_prepare_where function (contrib/ ...
CVE-2010-4221Multiple stack-based buffer overflows in the pr_netio_telnet_gets func ...
CVE-2010-3867Multiple directory traversal vulnerabilities in the mod_site_misc modu ...
CVE-2009-3736ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...
CVE-2009-3639The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2 ...
CVE-2009-0543ProFTPD Server 1.3.1, with NLS support enabled, allows remote attacker ...
CVE-2009-0542SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 a ...
CVE-2008-7265The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote aut ...
CVE-2008-4242ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...
CVE-2007-2165The Auth API in ProFTPD before 20070417, when multiple simultaneous au ...
CVE-2006-6563Stack-based buffer overflow in the pr_ctrls_recv_request function in c ...
CVE-2006-6171
CVE-2006-6170Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...
CVE-2006-5815Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...
CVE-2005-4816Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...

Security announcements

DSA / DLADescription
DSA-4559-1proftpd-dfsg - security update
DSA-4559-1proftpd-dfsg - security update
DLA-1974-1proftpd-dfsg - security update
DLA-1873-1proftpd-dfsg - security update
DSA-4491-1proftpd-dfsg - security update
DSA-4491-1proftpd-dfsg - security update
DLA-1753-3proftpd-dfsg - regression update
DLA-1753-2proftpd-dfsg - regression update
DLA-1753-1proftpd-dfsg - security update
DSA-3263-1proftpd-dfsg - security update
DSA-3263-1proftpd-dfsg - security update
DSA-2767-1proftpd-dfsg - denial of service
DSA-2767-1proftpd-dfsg - denial of service
DSA-2606-1proftpd-dfsg - symlink race
DSA-2346-2proftpd-dfsg - several
DSA-2346-1proftpd-dfsg - several
DSA-2346-1proftpd-dfsg - several
DSA-2191-1proftpd-dfsg - several
DSA-2185-1proftpd-dfsg - integer overflow
DSA-1925-1proftpd-dfsg - SSL certificate verification weakness
DSA-1925-1proftpd-dfsg - SSL certificate verification weakness
DSA-1730-1proftpd-dfsg - SQL injection vulnerabilites
DSA-1727-1- SQL injection vulnerabilites
DSA-1689-1proftpd-dfsg - Cross-Site Request Forgery

Search for package or bug name: Reporting problems