-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: kfreebsd-i386 Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: kfreebsd-i386 Build Daemon (finzi) Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: e91017658e67c8742b8bba5142b2f6ee4db4b3c1 2328510 proftpd-basic_1.3.3a-6squeeze4_kfreebsd-i386.deb 20f915b48e061dc65b203f9af8b14e5b104f5a4c 830580 proftpd-dev_1.3.3a-6squeeze4_kfreebsd-i386.deb bb097efd7d4974ce2e36a0e4cfb8b0831ddf6e58 345684 proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-i386.deb c35fd1eff2c3251736d37c0c12802c0bfe061a72 345518 proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-i386.deb a52ef41cc65b00ec99d264d16377e2e8ed4469c5 354362 proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-i386.deb 15518b903d2445e7ef194d8b2c0a311d75009a4f 347188 proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-i386.deb 65a82b5d3d911ac0cf898f3b222191ba44b5eed6 344880 proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-i386.deb Checksums-Sha256: f12a94f1bfcfff29f89ac78717653f8965e1b4f0ec90baf80fd665a83f5a066d 2328510 proftpd-basic_1.3.3a-6squeeze4_kfreebsd-i386.deb c209186f8e2640996573f74ea7798e1fb38c6265f490c22a396b6525ab64ec31 830580 proftpd-dev_1.3.3a-6squeeze4_kfreebsd-i386.deb 75cddab8524245e60a407aa1fdfb5f031f5f7c360b8886739208ea5756be4958 345684 proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-i386.deb e97e77ca53621ffac9ce074182e89c808a99a77223d2b30183dc52a0900c73cc 345518 proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-i386.deb dd8ca88cf77a58b967bf3e52bb6506c6fb66f8e5ce88aeeb12a7d092cf3e2350 354362 proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-i386.deb a23f96dbe5df3f1a99061804a1e66053059380ce83192f04950e0031642b20fc 347188 proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-i386.deb 2bdbafdfc8b4b13cb081f2c3f58a2f4b52b41d3b31f0e23f70e034ade0e2bcdd 344880 proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-i386.deb Files: eb4f75915546f4ad3691cf882414f2ac 2328510 net optional proftpd-basic_1.3.3a-6squeeze4_kfreebsd-i386.deb c8847067b03be011339bc8c40ff6c01f 830580 net optional proftpd-dev_1.3.3a-6squeeze4_kfreebsd-i386.deb 6d5ab52217e99578da5af547d00e0f01 345684 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_kfreebsd-i386.deb 1bc2340c5e4cf6d1a13079dce91fa1f6 345518 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_kfreebsd-i386.deb 9d5976dc331fa69267479249b3b77566 354362 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_kfreebsd-i386.deb b93251a6d3a5fd26bc3ca045c73bca8b 347188 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_kfreebsd-i386.deb bdb44868394ef9d8e41aa5a819978f4e 344880 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_kfreebsd-i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/kFreeBSD) iQIcBAEBAgAGBQJOwE9fAAoJEGTibMHYWaUAbVIP/2iWfVoYT8BFZ95c5LpUbhFr kcHkzVLHMCbAm9B6a+/wROOB/OVBKFR3DhLy57n3QkIZktEXxd3DwcLWDCJsj0XZ 2EEdcIdUnEOXF10/xYI0C5fZ6sRYNIBkf6OhOh48ib9Bj3L/klSdnFVLSPQ1jCX4 NVHQLS8z7vYgc4pe/lpj/kLd2b9pzdUGp9w/w78Be8aUvOmLnkgeYwsE2jwkkgOD cY8A6QHEBqHj9ERZbSRyCx0Wl8oGcG9KenrZD4BJJOQ7GincuTpTDm/P9tz5Kawy vcNgNsUDjsB+QrR5kI81VgH0twkTqYVnBZUp171jkH4XH61ciJHLjVpc0ORximlo tZ+GqfiRfEVngv2iCLyuSfduBIIee7DLVDL5fVCNN2PUFjFguxp4LVEIYxIdh7V7 qlPOjS35RCjJIwgJ/LtPycL4FxokBIcpXI2xrh+7b0Qw1rMgjrPjw5zD23869LlN 0WBjdhSJU3ShAbNeCpdXcxz5eN7WqPu7AjNhKY/MYNGGac1olcq0pElRI9cPwbYS Hv2lE4L1qFyreW6ir0XGG1FHuquaaMpqh7mjxP+Y3o7Kh10DJrq7BV6lRGWN3b5N N+k0UZziSJde5cXOfskN8iWz8+RPb7ntV4lGmqlCnP1AFiDnD1ug3ESsrHwGmFgC H9YgMZaO2PLm6xlrhi5Q =ECVW -----END PGP SIGNATURE-----