-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: i386 Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: i386 Build Daemon Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: c9222527634db6fa75ab689930fbf4a55f6b0c0d 2329126 proftpd-basic_1.3.3a-6squeeze4_i386.deb 7ac8b0a35f3dfd343a0b4232fa6fe1feeecd34f1 832460 proftpd-dev_1.3.3a-6squeeze4_i386.deb 28450fb23a0481277059732a77fadfdfa3dbde92 346132 proftpd-mod-mysql_1.3.3a-6squeeze4_i386.deb 52bda21f7bdff0d9bb454ddc69da684bc3dde21f 345946 proftpd-mod-pgsql_1.3.3a-6squeeze4_i386.deb 68024af29feb2d291ce6cb1c5235266dcdca3771 354774 proftpd-mod-ldap_1.3.3a-6squeeze4_i386.deb 342c1d627e573415a6f86af0d77fb40d42ff3d63 347678 proftpd-mod-odbc_1.3.3a-6squeeze4_i386.deb a467535ced609dc111876ca0e8fdbcebbb5d231d 345294 proftpd-mod-sqlite_1.3.3a-6squeeze4_i386.deb Checksums-Sha256: 2c4dc963a9948c73bf0180994d5b289c2f1823e8dac39d51e411e27abc666ee9 2329126 proftpd-basic_1.3.3a-6squeeze4_i386.deb d9c983f627f02c96d24ba07707af441f64d9803812b159c0af61c84d76f2f33c 832460 proftpd-dev_1.3.3a-6squeeze4_i386.deb f3419e17c5081af661faa7c221fe20905b76522f5b23d7a6b8f7613fd1afab31 346132 proftpd-mod-mysql_1.3.3a-6squeeze4_i386.deb 94c03472f8205a7ea8c2e9ad2e2d8a6633b20934c81a2860711a4d348c212108 345946 proftpd-mod-pgsql_1.3.3a-6squeeze4_i386.deb 0d9cc60ca6d4c4689e6f5d3e8d20cd7a2d9695e807ee025bfb6929500c6ffe08 354774 proftpd-mod-ldap_1.3.3a-6squeeze4_i386.deb 0e5832d34d9bf5eee4a14f9704b94c9ea7c37e67071d086a323334460741d9b5 347678 proftpd-mod-odbc_1.3.3a-6squeeze4_i386.deb 46d3e2d2981a64f60636bda577a6a4239bc531f100380af00412ef5d8661e92d 345294 proftpd-mod-sqlite_1.3.3a-6squeeze4_i386.deb Files: 73f429b04e9efad5a70e78e2d43e4269 2329126 net optional proftpd-basic_1.3.3a-6squeeze4_i386.deb 45c2e56774326b3251c1c678205b4f77 832460 net optional proftpd-dev_1.3.3a-6squeeze4_i386.deb 1ccd6fafbbc8e98d465e36e16715940d 346132 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_i386.deb 37ab92611f8bc7552175b2a7e1335b1c 345946 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_i386.deb 954558e37e2bcef2bd93aa0f30a738bf 354774 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_i386.deb 72ab6d7a40dadaed451b8a971dd693ad 347678 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_i386.deb e418d5ebe676bd7777a9421c50138769 345294 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOwE5ZAAoJECkckSfIPUEs75kQAK2kQduwuUKamMjW+gf+K4ln LjlKUJm0bG7qZDdBUQewfvGUQVZPxRPynycarjGALX1Zv3wbuvwqDOfn0I7r+JZF Rs+Fkgdnobo2k5kqfq+TO5EqMyPPRhmjEbaND35KP3zEFuRo4O/QXD+0ZsyX+B15 9KWL7GuIuqXyJaxGYkFB53RIQ6GfnOTL3cm/rUIl8ZM9aulMX9x4XSpzsj4Orfkp E8BDJBk6scYolDzsf9X5m2WGChs2ovST+S2yJXPdJGTvZ9sxqGjGeK40M2rOiw7V DVRTh1tO6UY6prFmyWGtnN+91e970OH2gzop1nS4skQKK/q57EQKYYj6ujZuXgfQ OBWwVbtR88JI/DoIEozbjuPt8CBluJQIDlXlndQEuYEhwe7M8wEqA+kzmOQ1i39o hgHc21rpsTjKGvZrFBXyz3iIUn6ltcegNzDsqcAASmHKdt1jCaza2E2+VyqrFDMo CUUkoSAXiwVCFZvydTxDG28C9qs629EUOlXu4oTdYFcfflz/j5Mb68Mv8n1sbRzs 65mCruQ2FfjqOdfH/YHtNwTr0kcpNpc1ZBC0PRYkX9wLAta6dlsKMaA6XZw1ejxv 2BtX9y3n37MwP81wT79JHdVe1+vqW251kaBxSJTSBH/7lRrpvevuatGtUqcvca6p 33KjkeoP9BVFshwYqnze =RboV -----END PGP SIGNATURE-----