Critical security fix for CVE-2015-3306
Bug #1470259 reported by
Willem de Groot
This bug report is a duplicate of:
Bug #1462311: proftpd mod_copy issue (CVE-2015-3306).
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
proftpd-dfsg (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hi and thanks for maintaining proftpd. We're seeing active exploitation of CVE-2015-3306 on standard proftpd installs (Ubuntu 12.04 and 14.04). Is there a particular reason there has not been a release yet? CVE details were released 2015-05-22.
See also:
http://
http://
https:/
http://
Ciao,
Willem
information type: | Private Security → Public |
To post a comment you must log in.
Hi Willem - proftpd-dfsg is in the universe pocket which means that it is a community maintained package. Someone will need to step up and create debdiffs containing the backported security fixes. The process is outlined here:
https:/ /wiki.ubuntu. com/SecurityTea m/SponsorsQueue #Notes_ for_Contributor s