Information on source package proftpd-dfsg

Available versions

| Release | Version |
| --- | --- |
| jessie | 1.3.5e+r1.3.5-2+deb8u8 |
| stretch | 1.3.5e+r1.3.5b-4+deb9u3 |
| stretch (security) | 1.3.5e+r1.3.5b-4+deb9u2 |
| buster | 1.3.6-4+deb10u6 |
| buster (lts) | 1.3.6-4+deb10u4 |
| bullseye | 1.3.7a+dfsg-12+deb11u2 |
| bullseye (security) | 1.3.7a+dfsg-12+deb11u3 |
| bookworm | 1.3.8+dfsg-4+deb12u3 |
| trixie | 1.3.8.b+dfsg-4 |
| sid | 1.3.8.b+dfsg-4 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-48651 | vulnerable | vulnerable | vulnerable | fixed | vulnerable | fixed | fixed | In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritan ... |
| CVE-2023-51713 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ... |
| CVE-2023-48795 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |

Open unimportant issues

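| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-9272 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ... |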

Resolved issues

| Bug | Description |
| --- | --- |
| TEMP-0923926-B85BA9 | high memory usage with some long running sessions |
| TEMP-0000000-3815A2 | Avoid unbounded SFTP extended attribute key/values |
| CVE-2021-46854 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ... |
| CVE-2020-9273 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ... |
| CVE-2019-19272 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ... |
| CVE-2019-19271 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A w ... |
| CVE-2019-19270 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ... |
| CVE-2019-19269 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ... |
| CVE-2019-18217 | ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ... |
| CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ... |
| CVE-2017-7418 | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the h ... |
| CVE-2016-3125 | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 ... |
| CVE-2015-3306 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read a ... |
| CVE-2013-4359 | Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ... |
| CVE-2012-6095 | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows lo ... |
| CVE-2011-4130 | Use-after-free vulnerability in the Response API in ProFTPD before 1.3 ... |
| CVE-2011-1137 | Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d a ... |
| CVE-2010-4652 | Heap-based buffer overflow in the sql_prepare_where function (contrib/ ... |
| CVE-2010-4221 | Multiple stack-based buffer overflows in the pr_netio_telnet_gets func ... |
| CVE-2010-3867 | Multiple directory traversal vulnerabilities in the mod_site_misc modu ... |
| CVE-2009-3736 | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ... |
| CVE-2009-3639 | The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2 ... |
| CVE-2009-0543 | ProFTPD Server 1.3.1, with NLS support enabled, allows remote attacker ... |
| CVE-2009-0542 | SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 a ... |
| CVE-2008-7265 | The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote aut ... |
| CVE-2008-4242 | ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ... |
| CVE-2007-2165 | The Auth API in ProFTPD before 20070417, when multiple simultaneous au ... |
| CVE-2006-6563 | Stack-based buffer overflow in the pr_ctrls_recv_request function in c ... |
| CVE-2006-6171 | ProFTPD 1.3.0a and earlier does not properly set the buffer size limit ... |
| CVE-2006-6170 | Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ... |
| CVE-2006-5815 | Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ... |
| CVE-2005-4816 | Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ... |

Security announcements

| DSA / DLA | Description |
| --- | --- |
| DLA-3975-1 | proftpd-dfsg - security update |
| ELA-757-1 | proftpd-dfsg - security update |
| DLA-2338-2 | proftpd-dfsg - regression update |
| DLA-2338-1 | proftpd-dfsg - security update |
| DLA-2115-2 | proftpd-dfsg - regression update |
| DSA-4635-1 | proftpd-dfsg - security update |
| DLA-2115-1 | proftpd-dfsg - security update |
| DLA-2018-1 | proftpd-dfsg - security update |
| DSA-4559-1 | proftpd-dfsg - security update |
| DLA-1974-1 | proftpd-dfsg - security update |
| DLA-1873-1 | proftpd-dfsg - security update |
| DSA-4491-1 | proftpd-dfsg - security update |
| DLA-1753-3 | proftpd-dfsg - regression update |
| DLA-1753-2 | proftpd-dfsg - regression update |
| DLA-1753-1 | proftpd-dfsg - security update |
| DSA-3263-1 | proftpd-dfsg - security update |
| DSA-2767-1 | proftpd-dfsg - denial of service |
| DSA-2606-1 | proftpd-dfsg - symlink race |
| DSA-2346-2 | proftpd-dfsg - several |
| DSA-2346-1 | proftpd-dfsg - several |
| DSA-2191-1 | proftpd-dfsg - several |
| DSA-2185-1 | proftpd-dfsg - integer overflow |
| DSA-1925-1 | proftpd-dfsg - SSL certificate verification weakness |
| DSA-1730-1 | proftpd-dfsg - SQL injection vulnerabilities |
| DSA-1727-1 | - SQL injection vulnerabilities |
| DSA-1689-1 | proftpd-dfsg - Cross-Site Request Forgery |
DSA-1689-1proftpd-dfsg - Cross-Site Request Forgery
