| Release | Version |
|---|---|
| jessie | 1.0.36-3.2+deb8u1 |
| stretch | 1.0.43-3 |
| buster | 1.0.47-3 |
| bullseye | 1.0.49-4.1 |
| bookworm | 1.0.50-2.1 |
| trixie | 1.0.50-2.2 |
| sid | 1.0.50-2.2 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40524 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ... |
| CVE-2020-9365 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ... |
| CVE-2020-9274 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ... |
| CVE-2019-20176 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ... |
| Bug | Description |
|---|---|
| TEMP-0000000-00657F | pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem |
| CVE-2017-12170 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vuln ... |
| CVE-2011-1575 | The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ... |
| CVE-2011-0988 | pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and S ... |
| CVE-2011-0418 | The glob implementation in Pure-FTPd before 1.0.32, and in libc in Net ... |
| CVE-2004-0656 | The accept_client function in PureFTPd 1.0.18 and earlier allows remot ... |
| DSA / DLA | Description |
|---|---|
| DLA-2123-1 | pure-ftpd - security update |