diff -u pure-ftpd-1.0.36/debian/control pure-ftpd-1.0.36/debian/control
--- pure-ftpd-1.0.36/debian/control
+++ pure-ftpd-1.0.36/debian/control
@@ -1,7 +1,8 @@
 Source: pure-ftpd
 Section: net
 Priority: optional
-Maintainer: Stefan Hornburg (Racke)
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Stefan Hornburg (Racke)
 Build-Depends: debhelper (>= 5), libpam-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libldap2-dev, libmysqlclient-dev | libmysqlclient15-dev, libpq-dev, libssl-dev, openssl (>= 0.9.6), po-debconf
 Build-Conflicts: libmysqlclient10-dev
 Standards-Version: 3.8.4
diff -u pure-ftpd-1.0.36/debian/changelog pure-ftpd-1.0.36/debian/changelog
--- pure-ftpd-1.0.36/debian/changelog
+++ pure-ftpd-1.0.36/debian/changelog
@@ -1,3 +1,14 @@
+pure-ftpd (1.0.36-1.1ubuntu0.1) trusty-security; urgency=low
+
+ * SECURITY-UPDATE: SSLv3 is enabled by default allowing the POODLE
+ attack (LP: #1381840)
+ - debian/pure-ftpd-wrapper: enable loading of TLSCipherSuite parameter
+ with -S option to disable SSLv3
+ - debian/etc/TLSCipherSuite: Add a default secure cipher suite to be loaded
+ - CVE-2014-3566
+
+ -- Joshua Zeitlinger Sun, 15 May 2016 17:12:03 -0400
+
 pure-ftpd (1.0.36-1.1) unstable; urgency=low

 * Non-maintainer upload.
diff -u pure-ftpd-1.0.36/debian/pure-ftpd-wrapper pure-ftpd-1.0.36/debian/pure-ftpd-wrapper
--- pure-ftpd-1.0.36/debian/pure-ftpd-wrapper
+++ pure-ftpd-1.0.36/debian/pure-ftpd-wrapper
@@ -87,6 +87,7 @@
 'Quota' => ['-n %d:%d', \&parse_number_2],
 'SyslogFacility' => ['-f %s', \&parse_word, 99],
 'TLS' => ['-Y %d', \&parse_number_1],
+ 'TLSCipherSuite' => ['--tlsciphersuite=-S%s', \&parse_string],
 'TrustedGID' => ['-a %d', \&parse_number_1],
 'TrustedIP' => ['-V %s', \&parse_ip],
 'Umask' => ['-U %s:%s', \&parse_umask],
only in patch2: unchanged:
--- pure-ftpd-1.0.36.orig/debian/etc/TLSCipherSuite
+++ pure-ftpd-1.0.36/debian/etc/TLSCipherSuite
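Review bot: The new `'TLSCipherSuite'` entry in debian/pure-ftpd-wrapper glues the `-S` prefix directly onto `%s`, so the separator after the prefix has to come from the configuration file, which is why the shipped debian/etc/TLSCipherSuite starts with a colon. An administrator who replaces that file with an ordinary OpenSSL cipher string gets `-SHIGH...` on the command line; as far as I know pure-ftpd documents the SSLv3-disabling prefix as `-S:`, and it is not visible here whether the daemon rejects the malformed form or quietly runs with SSLv3 still enabled. I would put the separator in the wrapper, `'TLSCipherSuite' => ['--tlsciphersuite=-S:%s', \&parse_string],`, and drop the leading colon from the default file. A comment above the entry, such as `# -S: disables SSLv3 (CVE-2014-3566); the file holds a plain OpenSSL cipher list`, would record why the prefix is forced. `parse_string` and the rest of the option table lie outside the hunk, so how the value is validated cannot be judged from here.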
@@ -0,0 +1 @@
+:ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED-SHA:!DHE-RSA-SEED-SHA:+HIGH+MEDIUM
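Review bot: The trailing `+HIGH+MEDIUM` token probably does not do what was intended. In OpenSSL cipher-list syntax a `+` between two names selects ciphers matching both, and a leading `+` only moves already-selected ciphers to the end, so as written it addresses the HIGH-and-MEDIUM intersection (normally empty) and leaves the order unchanged. The list also starts from `ALL` and subtracts, and it excludes SEED by naming two suites (`!SEED-SHA:!DHE-RSA-SEED-SHA`) rather than the class, so any suite not named stays enabled; an allow-list such as `HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES` fails closed instead. Nothing in this string disables SSLv3: that depends on the `-S` prefix the wrapper prepends plus the leading `:` here, which should be documented in the packaging since this file cannot carry a comment. The effective list can be checked by passing the string, without its leading colon, to `openssl ciphers -v`.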