pure-ftpd - Debian Package Tracker

general

source: pure-ftpd (main)
version: 1.0.49-4.1
maintainer: Stefan Hornburg (Racke) (DMD)
arch: all any
std-ver: 4.0.0
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.43-3
oldstable: 1.0.47-3
stable: 1.0.49-4.1
testing: 1.0.49-4.1
unstable: 1.0.49-4.1

versioned links

1.0.43-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.47-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.49-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

pure-ftpd (30 bugs: 0, 24, 6, 0)
pure-ftpd-common (6 bugs: 0, 2, 4, 0)
pure-ftpd-ldap (9 bugs: 0, 7, 2, 0)
pure-ftpd-mysql (6 bugs: 0, 6, 0, 0)
pure-ftpd-postgresql (4 bugs: 0, 2, 2, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-40524: In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

Created: 2021-09-06 Last update: 2021-09-07 16:27

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-40524: In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

Created: 2021-09-06 Last update: 2021-09-07 16:27

8 bugs tagged patch in the BTS normal

The BTS contains patches fixing 8 bugs, consider including or untagging them.

Created: 2021-08-14 Last update: 2021-09-20 23:32

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-04-11 10:19

4 low-priority security issues in buster low

There are 4 open security issues in buster.

4 issues left for the package maintainer to handle:

CVE-2019-20176: (needs triaging) In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
CVE-2020-9274: (needs triaging) An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
CVE-2020-9365: (needs triaging) An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
CVE-2021-40524: (needs triaging) In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-09-07 16:27

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2021-40524: (needs triaging) In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-09-06 Last update: 2021-09-07 16:27

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-07-02 18:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.0.0).

Created: 2018-04-16 Last update: 2021-08-18 14:02

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-01-29] pure-ftpd 1.0.49-4.1 MIGRATED to testing (Debian testing watch)
[2021-01-29] pure-ftpd 1.0.49-4.1 MIGRATED to testing (Debian testing watch)
[2021-01-23] Accepted pure-ftpd 1.0.49-4.1 (source) into unstable (Andreas Beckmann)
[2020-02-27] Accepted pure-ftpd 1.0.36-3.2+deb8u1 (source all amd64) into oldoldstable (Roberto C. Sanchez)
[2020-02-27] Accepted pure-ftpd 1.0.49-4 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-02-26] Accepted pure-ftpd 1.0.49-3 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2020-01-01] Accepted pure-ftpd 1.0.49-2 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-12-24] pure-ftpd REMOVED from testing (Debian testing watch)
[2019-11-06] pure-ftpd 1.0.49-1 MIGRATED to testing (Debian testing watch)
[2019-10-30] Accepted pure-ftpd 1.0.49-1 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-03-30] Accepted pure-ftpd 1.0.47-4 (source all amd64) into experimental (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-02-05] pure-ftpd 1.0.47-3 MIGRATED to testing (Debian testing watch)
[2019-01-30] Accepted pure-ftpd 1.0.47-3 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-12-07] pure-ftpd 1.0.47-2 MIGRATED to testing (Debian testing watch)
[2018-12-01] Accepted pure-ftpd 1.0.47-2 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-11-05] pure-ftpd 1.0.47-1 MIGRATED to testing (Debian testing watch)
[2018-10-30] Accepted pure-ftpd 1.0.47-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2017-07-31] pure-ftpd 1.0.46-1 MIGRATED to testing (Debian testing watch)
[2017-07-24] Accepted pure-ftpd 1.0.46-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-12-19] pure-ftpd 1.0.43-3 MIGRATED to testing (Debian testing watch)
[2016-12-08] Accepted pure-ftpd 1.0.43-3 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-11-28] pure-ftpd 1.0.43-2 MIGRATED to testing (Debian testing watch)
[2016-10-31] Accepted pure-ftpd 1.0.43-2 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2016-09-11] pure-ftpd 1.0.43-1 MIGRATED to testing (Debian testing watch)
[2016-09-05] Accepted pure-ftpd 1.0.43-1 (source all amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2015-03-06] pure-ftpd 1.0.36-3.2 MIGRATED to testing (Britney)
[2015-03-03] Accepted pure-ftpd 1.0.36-3.2 (source all amd64) into unstable (gregor herrmann)
[2014-11-22] pure-ftpd 1.0.36-3.1 MIGRATED to testing (Britney)
[2014-11-16] Accepted pure-ftpd 1.0.36-3.1 (source all amd64) into unstable (Julien Cristau)
[2014-10-30] pure-ftpd 1.0.36-3 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 57 58
RC: 0
I&N: 42 43
M&W: 15
F&P: 0
patch: 8

links

homepage
lintian (0, 6)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.49-4.1build1
31 bugs (2 patches)