-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: source amd64 all Version: 1.3.3a-6squeeze4 Distribution: stable-security Urgency: low Maintainer: Francesco Paolo Lovergine Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: ec267578b10cf9d6bc8a4530475e843dfd95944a 1426 proftpd-dfsg_1.3.3a-6squeeze4.dsc 77fc5a4f580ef1058ff65efd3cdc70e1253259ee 108182 proftpd-dfsg_1.3.3a-6squeeze4.diff.gz 2bb34561a039215ea11cff34ee3268dc12f4314d 2404094 proftpd-basic_1.3.3a-6squeeze4_amd64.deb 639d175827dd98d8f9d948f5bc36eee3eef3ade6 889434 proftpd-dev_1.3.3a-6squeeze4_amd64.deb 24c56111e8f630e591fe989801fb2718dfcecb26 346766 proftpd-mod-mysql_1.3.3a-6squeeze4_amd64.deb b04e399315ed46aa1c56e66358f9e0748812441d 346460 proftpd-mod-pgsql_1.3.3a-6squeeze4_amd64.deb 6ff8aa6b9835f601cbea97306c91cd2c79f0b0f2 356368 proftpd-mod-ldap_1.3.3a-6squeeze4_amd64.deb 0aafd36b9de917652d76f505db548abff97b73df 348098 proftpd-mod-odbc_1.3.3a-6squeeze4_amd64.deb f6d9f188145de28b19047de0f2eb97a8fea33aef 345812 proftpd-mod-sqlite_1.3.3a-6squeeze4_amd64.deb f562db641c3b62d78607c12c8d02246a79453706 1508134 proftpd-doc_1.3.3a-6squeeze4_all.deb Checksums-Sha256: 78b1d27e6e274a62bf7991ad97563026ebb34b563059fce886e6ed799a963d7e 1426 proftpd-dfsg_1.3.3a-6squeeze4.dsc 719326db8ac471e1caf1c534aeb5d5da5baa323659582270ac7f1074fc89ed88 108182 proftpd-dfsg_1.3.3a-6squeeze4.diff.gz 6d3193773f15687e79596e7fdc77b20b6f1258688a0682f2d1438eb1c35354e5 2404094 proftpd-basic_1.3.3a-6squeeze4_amd64.deb fb43302e6c0c4e5f0467e022e74e2cdc229eb39dbe2a36b52fadaac0d3679121 889434 proftpd-dev_1.3.3a-6squeeze4_amd64.deb 0723b60e23e906fe3d20a1926425bf1d364ba333638835710e2d5a808cd08061 346766 proftpd-mod-mysql_1.3.3a-6squeeze4_amd64.deb 699b78ffef8989c09328fee992d1d8b298f18099d61674aafc535f17ab17fcef 346460 proftpd-mod-pgsql_1.3.3a-6squeeze4_amd64.deb f18db91364fb224c57845453b68595f230cf0687c2b26fe08a2cfc394ebd36cc 356368 proftpd-mod-ldap_1.3.3a-6squeeze4_amd64.deb 1b28312578e66c47f8c1d23a0d271384ccfb09457f9677886d8f43a503ae6995 348098 proftpd-mod-odbc_1.3.3a-6squeeze4_amd64.deb a5edfc13235c1ce1f853501302a527962584306855426d4a4d39cf9132f20c9a 345812 proftpd-mod-sqlite_1.3.3a-6squeeze4_amd64.deb ee95291ecd3f141f06b57e68f0a358b96b8990be376c92f28aa7aeddc157fdae 1508134 proftpd-doc_1.3.3a-6squeeze4_all.deb Files: 9413b160e117caf0ce596be1097318aa 1426 net optional proftpd-dfsg_1.3.3a-6squeeze4.dsc cb160663d3a546eab13b24459899a52e 108182 net optional proftpd-dfsg_1.3.3a-6squeeze4.diff.gz 585ab2c70be0387a29d049a1d1a57ae1 2404094 net optional proftpd-basic_1.3.3a-6squeeze4_amd64.deb dc024acfcd4f39deca0f629808c9aa0a 889434 net optional proftpd-dev_1.3.3a-6squeeze4_amd64.deb 5b62dcf505d01e55834eea4811cc46eb 346766 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_amd64.deb 3b9d79f9960f127f1c3d2275b3551547 346460 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_amd64.deb 6d9ee226da8c02b88fa0528e582452b4 356368 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_amd64.deb c127b01d43516a0f4a719c96d9b88273 348098 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_amd64.deb 577c0f5d16222bc1889d0ec690d4d05a 345812 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_amd64.deb cb642939f5b69a544fce7057da69a41f 1508134 doc optional proftpd-doc_1.3.3a-6squeeze4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk7ASFkACgkQpFNRmenyx0e5nQCcCvwNiDQ6jMyjfe/wonrw5nye LWYAoIZoZiBBPqcC31KroaSvdGHiZNSg =if7l -----END PGP SIGNATURE-----