Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted proftpd-dfsg 1.3.7a+dfsg-12+deb11u3 (source) into oldstable-security
Date: Fri, 29 Nov 2024 19:40:19 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Nov 2024 21:20:02 +0000
Source: proftpd-dfsg
Architecture: source
Version: 1.3.7a+dfsg-12+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1082326
Changes:
 proftpd-dfsg (1.3.7a+dfsg-12+deb11u3) bullseye-security; urgency=medium
 .
    * LTS Team upload
    * Fix CVE-2023-48795: Add patch for Terrapin attack.
    * Fix CVE-2023-51713: make_ftp_cmd in main.c in ProFTPD has a one-byte
      out-of-bounds read, and daemon crash, because of mishandling of
      quote/backslash semantics.
    * Fix CVE-2024-48651: Supplemental Group Inheritance Grants
      Unintended Access to GID 0
      (Closes: #1082326)
Checksums-Sha1:
 cb8e847561ff72075d6875546b5e5f6a7d4f2d59 3148 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.dsc
 e6a02a44166bd36548a5132c41f3fb4270b33c95 20276614 proftpd-dfsg_1.3.7a+dfsg.orig.tar.gz
 43c39b4dec78ac8369f1e963bfd595429b014f80 93512 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.debian.tar.xz
 893ce8fc6f8019c9f0ec36dc31f429398b562265 15633 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3_amd64.buildinfo
Checksums-Sha256:
 64fb92f5cf58b32d6e601450fb61ca75572c16f39f6faa9b87e34694ac0878c1 3148 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.dsc
 572ad47ba7a5b6f39bb3ef293b6361c01daa0d25ed463dace15a7d5a9649c15f 20276614 proftpd-dfsg_1.3.7a+dfsg.orig.tar.gz
 3a9c7b9a6e224e7a0f375bc4db713aca383befac0a158a3a585d0bb0cff030e2 93512 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.debian.tar.xz
 13650a4e68362b31ee4984000c5b0800b4e31cb72f8944303d2efa25257e2a47 15633 proftpd-dfsg_1.3.7a+dfsg-12+deb11u3_amd64.buildinfo
Files:
 338580b1d7bb1dc2f096c2b86fc2c8ae 3148 net optional proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.dsc
 91ccc20e0ca76218699a5b256358e945 20276614 net optional proftpd-dfsg_1.3.7a+dfsg.orig.tar.gz
 c85339adeafba3ddf40a9f994ec79428 93512 net optional proftpd-dfsg_1.3.7a+dfsg-12+deb11u3.debian.tar.xz
 11624dee3d865b3dad2f266aee3852f7 15633 net optional proftpd-dfsg_1.3.7a+dfsg-12+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdKE/IRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+aSxAAoREIKhqr74ZygCs6AcUWmNNxs588zRdE
4CKbPuXZi/OTYZ9dj4J9novPlhVSQIfp2be1Vr0+oAFH0P6FtnsJJ+1v3J/UDji+
krvVIK4N4Kz8MrfjDVM5ZMwtnU2UFtBOeZqq2m04i+61FOrKtWpNwZAhxc5D3VH9
N8QR1zFm9RbQW0dJ1Tj7GZO1p/8Y0b8j5bXQ2lH1y8aazki9T2iBnLlOG1mPdx3d
R4lzVV9ubKot2TU8Qh4sMX9habmEVs7YcRpKTAz/IJt/0stvfMHLJ6MuVaCM0xHm
QHWICDufg1spXyxCqhdoccuS7kV5DaSB9aJNU2VQvelGuRL3okjDl0a7naays80u
IXetEqHW+5gzlDg17qsJbvHjxsHl2DdcLhEcpG8mEBr/6v/ePHNOgh53vweS6+gT
9IaPArmK/1RFx8PlNt2sC+F/xqIbq/jr45w1yiopj1kbnnTO3Ui5yj/5f47emCyC
LnFjeOc4cJb19HVzM1rmq1l8EwOhNb4saU3TphRy8pFJF1CAl50icKQxGGbaV/p8
7CiZTu7h65BU6j3L0a21idfJYeagXHU0dqvpmvIxDQOLpAwBhiGWe84KZ2MzwoQg
1iP6i4kLY9Pd7TgQmKhKuOJqhf9rJEDK3wg3CzjddVECnuF5+CbXFY7wpmCHM75L
F3KXyWo1isw=
=g0ry
-----END PGP SIGNATURE-----

News for package proftpd-dfsg