-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Aug 2020 18:07:56 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source Version: 1.3.5e+r1.3.5b-4+deb9u2 Distribution: stretch-security Urgency: high Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 968967 Changes: proftpd-dfsg (1.3.5e+r1.3.5b-4+deb9u2) stretch-security; urgency=high . * The memory pool was incorrectly destroyed in function sftp_kex_handle in contrib/mod_sftp/kex.c which may cause a segmentation fault and thus prevent sftp connections. Also do not overwrite the SSH2 packet pointer when handling NEWKEYS in the same function and make sure to use the specific kex pool when it is passed to the get_shared_name function. (Closes: #968967) Checksums-Sha1: 6d02f653eb6637acbca2aca91b80b3150bf92b1c 2990 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.dsc 269e0fd8354d2d0187852f8190333967af652812 85552 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.debian.tar.xz 49b45c8c93fca5b7921e3d13cd9a9d6de6fb6a0a 10329 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2_amd64.buildinfo Checksums-Sha256: 6a5c960509b3d51a89a4875cc3ee428686d4f9d18497235659074835c28569d8 2990 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.dsc 0d9899aa851f2630b00f0efab3ec6a62fa7461b7af0669ae3bcb990c28ea3d5f 85552 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.debian.tar.xz f396672453ee3e7c3c5b01b0f4e36e3705f072e14897df6c4f6ca7c830d2718e 10329 proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2_amd64.buildinfo Files: 50ebe4ee2681b46e6e524821a0f89aa4 2990 net optional proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.dsc 95d7d907464aef2ca014d4692a1fc9ee 85552 net optional proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2.debian.tar.xz 2850b4c96771d01fcf5b49cd808efec7 10329 net optional proftpd-dfsg_1.3.5e+r1.3.5b-4+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl9FXK9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkKWYQAMlhTfbSBixW5c8Z0UtsfoegWPu5s1CmqII7 UZ9QmLdFz3NE+alJpEKpWZ/YiI0lLftsDrDjPxCg2j6uybPX4ytyE6Y3AOOWuo2N 3WSZq+kkstNl6/gyg1khun+fBz7dmn/hSq0FMBOslMqK9r8oX3aCUzaJme6cv6vu Yun8D7FoWlDqA+xi1ffjBisvnXICpkaPyD7AxBXYgE18LNxATX7qa+Juz4zmJDxH LsXIXvzhqGkfXrfwPY7E9FAFyfrb8kxvAXoejrrIsZfdevk7pBlP75zM0rLK5f7/ QEM3j/Gf2+NB17CAshyarCpieojWw1q4P5Y1NSDmOn6zYaAxnOivlbbbZ1ZwsPuF Q6oS5fqgaXfUBrPpjgD7dDdDtnr/Wbez8tsl8UJv9hy/4w/qj0CpOQCGq08c0Bbw +svZr6Nr7OF/eegkrGGzgPrEo9DXjdeTvSNsIo/Gc0bk9k//pxjOsciWYmjnU0wP 5mw4WdcxyPWelUyVOUvVYxAaUTSRZSyQ7LpIG9j4TCKGRWGnlSa4YlHMrHT3cu1B tpvt6GRIe3GxPTWXT8teYOAsf1Zz/DyPjKgjPyttkRvd4FQKNPjJCwzHhrQEKPm2 zib+ZicoCykEsBV2Nsf/pmG2q5kJusWAezucBPe7annTm5Qmi/4ZGWlQM1v+rZZ0 dvcg9AKl =6/XO -----END PGP SIGNATURE-----
