Critical security fix for CVE-2015-3306

Bug #1470259 reported by Willem de Groot
This bug affects 1 person
Affects                Status  Importance  Assigned to  Milestone
proftpd-dfsg (Ubuntu)  New     Undecided   Unassigned

Bug Description

Hi and thanks for maintaining proftpd. We're seeing active exploitation of CVE-2015-3306 on standard proftpd installs (Ubuntu 12.04 and 14.04). Is there a particular reason there has not been a release yet? CVE details were released 2015-05-22.

See also:

http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3306.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306
https://www.exploit-db.com/exploits/36742/
http://bugs.proftpd.org/show_bug.cgi?id=4169

Ciao,
Willem

information type: Private Security → Public
Tyler Hicks (tyhicks) wrote:

Hi Willem - proftpd-dfsg is in the universe pocket, which means that it is a community-maintained package. Someone will need to step up and create debdiffs containing the backported security fixes. The process is outlined here:

  https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors
