Debian Package Tracker

general

source: pure-ftpd (main)
version: 1.0.49-4
maintainer: Stefan Hornburg (Racke) (DMD)
arch: all any
std-ver: 4.0.0
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.36-3.2
o-o-sec: 1.0.36-3.2+deb8u1
oldstable: 1.0.43-3
stable: 1.0.47-3
unstable: 1.0.49-4

versioned links

1.0.36-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.36-3.2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.43-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.47-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.49-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

pure-ftpd (30 bugs: 1, 23, 6, 0)
pure-ftpd-common (5 bugs: 0, 1, 4, 0)
pure-ftpd-ldap (9 bugs: 0, 7, 2, 0)
pure-ftpd-mysql (6 bugs: 0, 6, 0, 0)
pure-ftpd-postgresql (4 bugs: 0, 2, 2, 0)

action needed

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2020-03-03 Last update: 2020-08-14 16:04

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2020-06-28 Last update: 2020-08-14 16:02

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:33

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2019-20176: In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
CVE-2020-9274: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
CVE-2020-9365: An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

Please fix them.

Created: 2020-01-01 Last update: 2020-08-07 06:08

3 ignored security issues in buster low

There are 3 open security issues in buster.

3 issues skipped by the security teams:

CVE-2019-20176: In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
CVE-2020-9274: An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
CVE-2020-9365: An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

Please fix them.

Created: 2020-01-01 Last update: 2020-08-07 06:08

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-07-02 18:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.0.0).

Created: 2018-04-16 Last update: 2020-02-27 18:40

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for pure-ftpd (- to 1.0.49-4): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating pure-ftpd introduces new bugs: #943874
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/p/pure-ftpd.html
- 169 days old (needed 5 days)
- Not considered

news

[rss feed]

[2020-02-27] Accepted pure-ftpd 1.0.36-3.2+deb8u1 (source all amd64) into oldoldstable (Roberto C. Sanchez)
[2020-02-27] Accepted pure-ftpd 1.0.49-4 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-02-26] Accepted pure-ftpd 1.0.49-3 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-01-01] Accepted pure-ftpd 1.0.49-2 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-12-24] pure-ftpd REMOVED from testing (Debian testing watch)
[2019-11-06] pure-ftpd 1.0.49-1 MIGRATED to testing (Debian testing watch)
[2019-10-30] Accepted pure-ftpd 1.0.49-1 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-03-30] Accepted pure-ftpd 1.0.47-4 (source all amd64) into experimental (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-02-05] pure-ftpd 1.0.47-3 MIGRATED to testing (Debian testing watch)
[2019-01-30] Accepted pure-ftpd 1.0.47-3 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-12-07] pure-ftpd 1.0.47-2 MIGRATED to testing (Debian testing watch)
[2018-12-01] Accepted pure-ftpd 1.0.47-2 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-11-05] pure-ftpd 1.0.47-1 MIGRATED to testing (Debian testing watch)
[2018-10-30] Accepted pure-ftpd 1.0.47-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2017-07-31] pure-ftpd 1.0.46-1 MIGRATED to testing (Debian testing watch)
[2017-07-24] Accepted pure-ftpd 1.0.46-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-12-19] pure-ftpd 1.0.43-3 MIGRATED to testing (Debian testing watch)
[2016-12-08] Accepted pure-ftpd 1.0.43-3 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-11-28] pure-ftpd 1.0.43-2 MIGRATED to testing (Debian testing watch)
[2016-10-31] Accepted pure-ftpd 1.0.43-2 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-09-11] pure-ftpd 1.0.43-1 MIGRATED to testing (Debian testing watch)
[2016-09-05] Accepted pure-ftpd 1.0.43-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2015-03-06] pure-ftpd 1.0.36-3.2 MIGRATED to testing (Britney)
[2015-03-03] Accepted pure-ftpd 1.0.36-3.2 (source all amd64) into unstable (gregor herrmann)
[2014-11-22] pure-ftpd 1.0.36-3.1 MIGRATED to testing (Britney)
[2014-11-16] Accepted pure-ftpd 1.0.36-3.1 (source all amd64) into unstable (Julien Cristau)
[2014-10-30] pure-ftpd 1.0.36-3 MIGRATED to testing (Britney)
[2014-10-19] Accepted pure-ftpd 1.0.36-3 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2014-07-06] pure-ftpd 1.0.36-2 MIGRATED to testing (Britney)
[2014-07-01] Accepted pure-ftpd 1.0.36-2 (source all amd64) (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)

bugs [bug history graph]

all: 54 55
RC: 1
I&N: 38 39
M&W: 15
F&P: 0
patch: 6

links

homepage
lintian (0, 8)
buildd: logs, checks, clang, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (100, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.49-4
27 bugs (1 patch)