2011-12-16 10:50:12 |
Mahyuddin Susanto |
bug |
|
|
added bug |
2011-12-16 10:50:47 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-16 10:50:48 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu): status |
New |
In Progress |
|
2011-12-16 10:51:12 |
Mahyuddin Susanto |
cve linked |
|
2011-4130 |
|
2011-12-16 12:14:25 |
Mahyuddin Susanto |
visibility |
private |
public |
|
2011-12-16 12:19:53 |
Mahyuddin Susanto |
attachment added |
|
proftpd-dfsg_natty.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2635925/+files/proftpd-dfsg_natty.debdiff |
|
2011-12-16 16:14:02 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2011-12-16 16:14:13 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2011-12-16 18:20:00 |
Micah Gersten |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2011-12-16 18:46:34 |
Mahyuddin Susanto |
removed subscriber Ubuntu Security Team |
|
|
|
2011-12-17 09:53:20 |
Mahyuddin Susanto |
attachment added |
|
proftpd_dfsg-maverick.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2637029/+files/proftpd_dfsg-maverick.debdiff |
|
2011-12-17 10:26:50 |
Mahyuddin Susanto |
attachment added |
|
proftpd-dfsg_lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2637054/+files/proftpd-dfsg_lucid.debdiff |
|
2011-12-17 10:28:02 |
Mahyuddin Susanto |
description |
Description
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
- https://launchpad.net/bugs/cve/CVE-2011-4130
- http://security-tracker.debian.net/tracker/CVE-2011-4130
Effected:
- Lucid
- Maverick
- Natty
- Oneiric |
Description
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
- https://launchpad.net/bugs/cve/CVE-2011-4130
- http://security-tracker.debian.net/tracker/CVE-2011-4130
Effected:
- Lucid
- Maverick
- Natty
Oneiric not effected because we have 1.3.4~rc2-4 on archive |
|
2011-12-17 10:28:11 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu): status |
In Progress |
New |
|
2011-12-17 10:28:15 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu): assignee |
Mahyuddin Susanto (udienz) |
|
|
2011-12-17 10:29:51 |
Mahyuddin Susanto |
cve linked |
|
2011-0411 |
|
2011-12-17 10:30:33 |
Mahyuddin Susanto |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2011-12-17 11:49:20 |
Mahyuddin Susanto |
summary |
CVE-2011-4130 |
CVE-2011-4130 in lucid, maverick, natty |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Lucid |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
bug task added |
|
proftpd-dfsg (Ubuntu Lucid) |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Maverick |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
bug task added |
|
proftpd-dfsg (Ubuntu Maverick) |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Natty |
|
2011-12-20 15:06:15 |
Jamie Strandboge |
bug task added |
|
proftpd-dfsg (Ubuntu Natty) |
|
2011-12-20 15:06:26 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Natty): status |
New |
Confirmed |
|
2011-12-20 15:06:28 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Natty): importance |
Undecided |
Medium |
|
2011-12-20 15:06:30 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Maverick): importance |
Undecided |
Medium |
|
2011-12-20 15:06:33 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Lucid): importance |
Undecided |
Medium |
|
2011-12-20 15:06:36 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Maverick): status |
New |
Incomplete |
|
2011-12-20 15:06:39 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Lucid): status |
New |
Incomplete |
|
2011-12-20 15:11:15 |
Jamie Strandboge |
cve linked |
|
2010-4652 |
|
2011-12-20 15:11:15 |
Jamie Strandboge |
cve linked |
|
2011-1137 |
|
2011-12-20 15:11:45 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Natty): status |
Confirmed |
Incomplete |
|
2011-12-20 15:11:47 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Natty): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-20 15:13:24 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Oneiric |
|
2011-12-20 15:13:24 |
Jamie Strandboge |
bug task added |
|
proftpd-dfsg (Ubuntu Oneiric) |
|
2011-12-20 15:13:24 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Precise |
|
2011-12-20 15:13:24 |
Jamie Strandboge |
bug task added |
|
proftpd-dfsg (Ubuntu Precise) |
|
2011-12-20 15:13:34 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Precise): status |
New |
Fix Released |
|
2011-12-20 15:13:38 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Oneiric): status |
New |
Incomplete |
|
2011-12-20 15:13:48 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Oneiric): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-20 15:13:55 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Maverick): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-20 15:14:02 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Lucid): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-20 15:15:10 |
Jamie Strandboge |
tags |
patch |
patch patch-needswork |
|
2011-12-20 15:15:29 |
Jamie Strandboge |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2011-12-20 15:15:39 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Security Team |
2011-12-22 15:21:46 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Maverick): status |
Incomplete |
In Progress |
|
2011-12-22 15:21:48 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Lucid): status |
Incomplete |
In Progress |
|
2011-12-22 15:21:49 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Oneiric): status |
Incomplete |
In Progress |
|
2011-12-22 15:21:51 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Natty): status |
Incomplete |
In Progress |
|
2011-12-22 15:22:04 |
Mahyuddin Susanto |
attachment removed |
proftpd-dfsg_natty.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2635925/+files/proftpd-dfsg_natty.debdiff |
|
|
2011-12-22 15:22:24 |
Mahyuddin Susanto |
attachment removed |
proftpd_dfsg-maverick.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2637029/+files/proftpd_dfsg-maverick.debdiff |
|
|
2011-12-22 15:22:47 |
Mahyuddin Susanto |
attachment removed |
proftpd-dfsg_lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+attachment/2637054/+files/proftpd-dfsg_lucid.debdiff |
|
|
2012-03-15 14:24:10 |
Aaron Kelley |
bug |
|
|
added subscriber Aaron Kelley |
2012-04-13 15:46:00 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Maverick): status |
In Progress |
Won't Fix |
|
2012-11-02 11:49:46 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Natty): status |
In Progress |
Won't Fix |
|
2012-11-21 17:47:45 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Maverick): assignee |
Mahyuddin Susanto (udienz) |
|
|
2012-11-21 17:47:59 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Natty): assignee |
Mahyuddin Susanto (udienz) |
|
|
2012-11-21 17:48:02 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Oneiric): assignee |
Mahyuddin Susanto (udienz) |
|
|
2012-11-21 17:48:16 |
Mahyuddin Susanto |
proftpd-dfsg (Ubuntu Lucid): assignee |
Mahyuddin Susanto (udienz) |
|
|
2013-05-21 15:47:25 |
Jamie Strandboge |
proftpd-dfsg (Ubuntu Oneiric): status |
In Progress |
Won't Fix |
|
2015-06-17 11:27:39 |
Rolf Leggewie |
proftpd-dfsg (Ubuntu Lucid): status |
In Progress |
Won't Fix |
|