Debian Package Tracker - proftpd-dfsg

general

source: proftpd-dfsg (main)
version: 1.3.6b-2
maintainer: ProFTPD Maintainance Team (archive) (DMD)
uploaders: Hilmar Preusse [DMD] [DM] – Francesco Paolo Lovergine [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.5-1.1+deb8u2
o-o-sec: 1.3.5e+r1.3.5-2+deb8u5
oldstable: 1.3.5b-4+deb9u1
old-sec: 1.3.5b-4+deb9u2
old-p-u: 1.3.5b-4+deb9u3
stable: 1.3.6-4+deb10u2
stable-sec: 1.3.6-4+deb10u2
stable-p-u: 1.3.6-4+deb10u3
testing: 1.3.6b-2
unstable: 1.3.6b-2

versioned links

1.3.5-1.1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.5b-4+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.5b-4+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.5b-4+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.5e+r1.3.5-2+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.6-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.6-4+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.6b-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

proftpd-basic (11 bugs: 0, 6, 5, 0)
proftpd-dev
proftpd-doc
proftpd-mod-geoip
proftpd-mod-ldap
proftpd-mod-mysql
proftpd-mod-odbc
proftpd-mod-pgsql
proftpd-mod-snmp
proftpd-mod-sqlite

action needed

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2020-01-18 11:04

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #519175 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-19270: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
CVE-2019-19269: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Please fix them.

Created: 2019-11-26 Last update: 2019-12-14 06:00

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

TEMP-0923926-B85BA9:
CVE-2019-19269: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Please fix them.

Created: 2019-03-07 Last update: 2019-12-14 06:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2016-01-28 01:10

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-12-08 23:48

news

[rss feed]

[2020-01-12] Accepted proftpd-dfsg 1.3.5b-4+deb9u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hilmar Preusse)
[2020-01-08] Accepted proftpd-dfsg 1.3.6-4+deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Hilmar Preusse)
[2019-12-14] proftpd-dfsg 1.3.6b-2 MIGRATED to testing (Debian testing watch)
[2019-12-08] Accepted proftpd-dfsg 1.3.6b-2 (source) into unstable (Hilmar Preusse)
[2019-11-30] Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u5 (source i386 all) into oldoldstable (Adrian Bunk)
[2019-11-24] Accepted proftpd-dfsg 1.3.5b-4+deb9u2 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-11-09] Accepted proftpd-dfsg 1.3.6-4+deb10u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-11-07] proftpd-dfsg 1.3.6b-1 MIGRATED to testing (Debian testing watch)
[2019-11-05] Accepted proftpd-dfsg 1.3.5b-4+deb9u2 (source amd64 all) into oldstable->embargoed, oldstable (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-11-05] Accepted proftpd-dfsg 1.3.6-4+deb10u2 (source amd64 all) into stable->embargoed, stable (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-11-04] Accepted proftpd-dfsg 1.3.6b-1 (source) into unstable (Hilmar Preusse)
[2019-10-27] Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u4 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2019-10-22] Accepted proftpd-dfsg 1.3.6a-2 (source) into unstable (Hilmar Preusse)
[2019-10-14] Accepted proftpd-dfsg 1.3.6a-1 (source) into unstable (Hilmar Preusse)
[2019-08-10] Accepted proftpd-dfsg 1.3.5b-4+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hilmar Preusse) (signed by: Salvatore Bonaccorso)
[2019-08-07] Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u3 (source amd64 all) into oldoldstable (Markus Koschany)
[2019-08-05] Accepted proftpd-dfsg 1.3.6-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-08-04] Accepted proftpd-dfsg 1.3.6-4+deb10u1 (source amd64 all) into stable->embargoed, stable (Hilmar Preusse) (signed by: Moritz Mühlenhoff)
[2019-08-04] Accepted proftpd-dfsg 1.3.5b-4+deb9u1 (source) into oldstable->embargoed, oldstable (Hilmar Preusse) (signed by: Salvatore Bonaccorso)
[2019-07-29] proftpd-dfsg 1.3.6-6 MIGRATED to testing (Debian testing watch)
[2019-07-23] Accepted proftpd-dfsg 1.3.6-6 (source) into unstable (Hilmar Preusse)
[2019-07-22] proftpd-dfsg 1.3.6-5 MIGRATED to testing (Debian testing watch)
[2019-07-16] Accepted proftpd-dfsg 1.3.6-5 (source) into unstable (Hilmar Preusse)
[2019-05-21] Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u2 (source amd64 all) into oldstable (Markus Koschany)
[2019-05-01] Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u1 (source amd64 all) into oldstable (Markus Koschany)
[2019-04-09] Accepted proftpd-dfsg 1.3.5e-0+deb8u1 (source amd64 all) into oldstable (Markus Koschany)
[2019-01-19] proftpd-dfsg 1.3.6-4 MIGRATED to testing (Debian testing watch)
[2019-01-14] Accepted proftpd-dfsg 1.3.6-4 (source amd64 all) into unstable (Francesco Paolo Lovergine)
[2018-11-27] proftpd-dfsg 1.3.6-3 MIGRATED to testing (Debian testing watch)
[2018-11-21] Accepted proftpd-dfsg 1.3.6-3 (source amd64 all) into unstable, unstable (Francesco Paolo Lovergine)

bugs [bug history graph]

all: 14
RC: 0
I&N: 9
M&W: 5
F&P: 0
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.6-6build2
40 bugs (1 patch)