-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: kfreebsd-amd64 Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: kfreebsd-amd64 Build Daemon (fasch) Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: b03f997a915978b23450dc0519427de8c55864ec 2402378 proftpd-basic_1.3.3a-6squeeze4_kfreebsd-amd64.deb 1b1914d5498338ee13443edf699bac01a7154bad 889178 proftpd-dev_1.3.3a-6squeeze4_kfreebsd-amd64.deb 18a3fab85332b8661cbe65d49280a2d896e8a041 346772 proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-amd64.deb ec40a48cc6fc4fdef74044bf2ff94dcf92daf424 346458 proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-amd64.deb cdd9e311b8b4c9ad2a70c3287699f1228cc9a901 356360 proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-amd64.deb 9e401a6a74a00e7a56d74fade5f2e2fe42405610 348102 proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-amd64.deb aa167239a5ee7436b525fcbedc8b06ff4a976ca4 345822 proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-amd64.deb Checksums-Sha256: 275e8bfb6600b5118666ea93b617c3e4d64b0de80f0a7ed7b7143390ce9f9d6e 2402378 proftpd-basic_1.3.3a-6squeeze4_kfreebsd-amd64.deb 0f828fb1e0279eb278de2c3d2b9b4f4ffae8e5eadc7f5071232be3daba382387 889178 proftpd-dev_1.3.3a-6squeeze4_kfreebsd-amd64.deb 544aaaa56c281cf91ae7c2ed2363ff1e8c4d5d52c705cb78bbbafcb29f010ef1 346772 proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-amd64.deb 82e0f250c5b85ef138016e6943be434bafe06a167d2264a80253e4e30b1b664a 346458 proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-amd64.deb d9a5a60dec22828a9b2866647656096498bcee4900c8b371fafa7fd5c812f174 356360 proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-amd64.deb 72b865e7ccf715756021a7cb1417ec983c18b89ac0affb10488a87a093aa3e83 348102 proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-amd64.deb 02355710fb24790f24dc7bd20264b1ed71eac4d047b3b6887174f19e410bc9f2 345822 proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-amd64.deb Files: 44d25e666aa55bfb8e4ad8dda7230137 2402378 net optional proftpd-basic_1.3.3a-6squeeze4_kfreebsd-amd64.deb 8b6792b447f0a815a11f4f12d62f5932 889178 net optional proftpd-dev_1.3.3a-6squeeze4_kfreebsd-amd64.deb bf85e21857eb039a04835b4a62c2ed33 346772 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-amd64.deb 8bc5ef6b5ceedd75af9a85cb60b5ca36 346458 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-amd64.deb 42436c2df8c783ebb38511da39b20660 356360 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-amd64.deb b10bbb5997d00a3665d5a248e42f25a4 348102 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-amd64.deb 89f4da172dd0e11f65af6f61d74ac136 345822 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/kFreeBSD) iQIcBAEBAgAGBQJOwE9MAAoJELV0nKsIaKwSACYP/jxRR3KEo1zq0r3340yqQqqP 34sOSm1ZxYjqSIgawSrggKNFDElXYBGlhyC8q4SCrnlWWSWrKBjsrNsY8kIpINiT mRU1liPbgr/jkpaa9BgCF0y0wx84pIw+uj+INj0GOteFhpIEy0R2D6C2U+iyQhor KXu1iNyiq6tlrBgACrS2dvKEWS26KKg6RjWk1gU+gw6eiuqUyAzxlATRaU7IirTW StN+Zd1FNocmkvTbDy59GaDbD2tPdUZF08oJ14fzcrjtGA2+y9s/tSdNHdTBuVaT eTKUOWZYn0b1EnMzc294dHIX4Lgt0hIo9YgAHSQDmAXxzfWVt3RncLNcCRomNfUx FZgyy/llgrYw2VMJEXH1XGfxrDsm2nbwDkyAyWbijm+w3TrmO0AaUAK4CA7BWWAB X2naorDIGvJtxYrELz0SMeXIOvEcgtCiz7P56JfGTkQnuoD4VD9ZY/SluZv7PRgH fjf7Riv/FNgrJLg/z0tSSsV3O3a9eGkVXvggpCJ7Mz0eepZ1OJUfTmbwvSErxfFZ JLu9awfHBmluU4LLbtkP17Hj3qipQpL9nN2vnXA2kFZUxpIe0fmB+/4vuMyiEr4J 3PXuMjkEZIrhfNqxP8b2o9xXrGT7YhWLWDR/Aq3d9zIXYX+t60mt3/Dofc/abYC3 kcg5wW1gofVMldM5RTP1 =H1zg -----END PGP SIGNATURE-----