-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: mipsel Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: mipsel Build Daemon (rem) Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: 801287221f0f487773516a9ca4c9862001574bba 2346190 proftpd-basic_1.3.3a-6squeeze4_mipsel.deb c87b979061b374a1a41320cea8a05ab3d6ce47ab 990224 proftpd-dev_1.3.3a-6squeeze4_mipsel.deb 759e8a0f783b201847e394200e8a02ce9ff72a27 345840 proftpd-mod-mysql_1.3.3a-6squeeze4_mipsel.deb 4e0c3fb58057889016d6085d7e7275df0939f12a 345628 proftpd-mod-pgsql_1.3.3a-6squeeze4_mipsel.deb 72e7fb49482af0c566b455839e987a17166481f6 353942 proftpd-mod-ldap_1.3.3a-6squeeze4_mipsel.deb 109148c6b273a613b9c53af979cb1df8340f58b7 347182 proftpd-mod-odbc_1.3.3a-6squeeze4_mipsel.deb 6c545f4e667ca1dc797780bedf46815330d4fd16 345218 proftpd-mod-sqlite_1.3.3a-6squeeze4_mipsel.deb Checksums-Sha256: 1ba81c7d049b8848ddc8bb41c7067eb5234f2190d6de7d901b9f6be28c5bf963 2346190 proftpd-basic_1.3.3a-6squeeze4_mipsel.deb 59f0e79d169137c3edf590338260bffe685b8fa9e7ebff64e3236c6f84024ebb 990224 proftpd-dev_1.3.3a-6squeeze4_mipsel.deb d08f9860edc5187ed14fc54bac1ed998c70039de1704081b156852b3982ad55b 345840 proftpd-mod-mysql_1.3.3a-6squeeze4_mipsel.deb a4272bdbb0ce67551eb36bcfece8e51b0a2d5e00d8c3083614b0c451ede1b6e8 345628 proftpd-mod-pgsql_1.3.3a-6squeeze4_mipsel.deb 200919139b7dd9c28729b1f56981f12b081249d234cc7fa72b8ef420839e4969 353942 proftpd-mod-ldap_1.3.3a-6squeeze4_mipsel.deb f440fb29a14181cc54f09051c67123a7de1bb472aa47eb25bd1975d647360cfd 347182 proftpd-mod-odbc_1.3.3a-6squeeze4_mipsel.deb 90c3e675a181fa120aa2b0e79b7367c9daef01175dc36246c5eb59bbe1859966 345218 proftpd-mod-sqlite_1.3.3a-6squeeze4_mipsel.deb Files: 5b7da915f87adce1961a957b3e873e68 2346190 net optional proftpd-basic_1.3.3a-6squeeze4_mipsel.deb 687759a1fb8e9a70b28ff4cccb30c64f 990224 net optional proftpd-dev_1.3.3a-6squeeze4_mipsel.deb 6fd82996e07e5d9fb5966cf50664bec8 345840 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_mipsel.deb e2c7ef7dc3d1e0decfe467a70bcfb048 345628 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_mipsel.deb d2af1e587e88b3e3eb1ed1e43b3a4ee4 353942 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_mipsel.deb 1750fa4d874fe77a89b41f904f026e1c 347182 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_mipsel.deb 103d30f687a11276e52ef1b280226d28 345218 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_mipsel.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOwFFWAAoJEAzzgj1nKIEueHoP/i0Kj0kg36rfLFBuSs6kbaED B4kF4c4PkWIxlLMSZauq5Tm5FJVKr7HPqinZvlSq/Xz0MitcRBXIv/Vk461DWOko Cvzwyj3wsMbfwCEUqzzIPBxty3XsdoP7iSNbEyrhUZpAiTB8OaNzR9akwl0fUTTk gdDDISmRxdpAvbTt0myZDgz8qVR1u9cjH9T/KIhZXAGIPgFRE0KejqwXQ5Xy45jA IcJSz/xiZi8JiUaaWCltVjgj89hydOX3GUqZ48OIm//4qhIs+Bz8usnUaGZK0/3t 4YQJQkWXWK9s3yTLxYjNYARZPMEjybKqQYHKTRDhG77x9I2dD5r3yfkyFsB7dTEX QpmqxKMuxHAXCxHEgA4+BtnaNjeX3IVOO9wOc9PmEIkIfZf8b9HxgUeh0oXl6sir kqxlJ70nG2b+n/rReSg0R8VnoVvmzmVtIA3oPPtHtpdNLtYij1IS6lG3JMjlHBmb lxNA6axNYfYS+Ndtoqnzq2HaGHSR5LTvzNI1erBU+EWeHgefWNr999C9qQlpeGnH RtkLEwU+CAmiwKuYMu7KDOHSIH80B/O0CG01uWUIVnCCqUKM7p8+u2ZlKIsXznOB LeQ/3GRfWZeMi4XHMPB0MFHIt8UDap+GQZ12ncHvaepXhRHqROmQDH/lF8MOcxg8 odpihZyCtsekOcYwZhXR =xFYp -----END PGP SIGNATURE-----