-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: ia64 Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: ia64 Build Daemon (alkman) Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: b43905918fa528f83048f857627dc4dfd792e0db 2761004 proftpd-basic_1.3.3a-6squeeze4_ia64.deb 67c8dd02df8ae9e2275bb2a49322d254bb29eee1 1164526 proftpd-dev_1.3.3a-6squeeze4_ia64.deb a4a7f106cdfd018f36fc232e457cfdff8960c0db 350072 proftpd-mod-mysql_1.3.3a-6squeeze4_ia64.deb f989e9cfa24b912028f0633107798a3bc04196c5 349762 proftpd-mod-pgsql_1.3.3a-6squeeze4_ia64.deb c865e21250528fa48df1c476a4d34797a4af8ce7 364110 proftpd-mod-ldap_1.3.3a-6squeeze4_ia64.deb 467b0ab95b0c0acd125c12587297efd8b8741f76 352374 proftpd-mod-odbc_1.3.3a-6squeeze4_ia64.deb c0f79b4d5b638939f93977ac0476c625af9d1824 349016 proftpd-mod-sqlite_1.3.3a-6squeeze4_ia64.deb Checksums-Sha256: f67fbc2cee0064efc5219f5e1e4d9eaa9a2b229e0015ab3c45faf135f93dbc0a 2761004 proftpd-basic_1.3.3a-6squeeze4_ia64.deb 3388be7109776db5342e31959ede1b9a3d7b16dfa96902e6ea2f2b502ac70b2f 1164526 proftpd-dev_1.3.3a-6squeeze4_ia64.deb 9d7d1d2550d84f2bde095549b1bdd86b7494e82e19722f2fe98183936bc0429b 350072 proftpd-mod-mysql_1.3.3a-6squeeze4_ia64.deb b6fbe4c31ca4ea5fd0a196cf76320166cfe0f8c002286aed35a666bb7ca7fb4b 349762 proftpd-mod-pgsql_1.3.3a-6squeeze4_ia64.deb 186055208ff1f8dea01dc1f71b24fa66d3abe551156de5bf8c4923fc5516f691 364110 proftpd-mod-ldap_1.3.3a-6squeeze4_ia64.deb 67a45916d87dc0322d025e545d9b4bc47b4c9146cec2657cc66dad024ab87b3b 352374 proftpd-mod-odbc_1.3.3a-6squeeze4_ia64.deb a5a213ae54751cc00d88175f189a7b14aa8f561dc48ff826fae9e93a469f1890 349016 proftpd-mod-sqlite_1.3.3a-6squeeze4_ia64.deb Files: 213f1a3d93782a8e9def27caa3b11cd7 2761004 net optional proftpd-basic_1.3.3a-6squeeze4_ia64.deb 77132547192d73968a8dc9079e11bfee 1164526 net optional proftpd-dev_1.3.3a-6squeeze4_ia64.deb 8e70151223f9bd997ee5a0364b5de463 350072 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_ia64.deb 7daaee4c40ccc7d16a9523e9735123d5 349762 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_ia64.deb 7105d60fbb8c7277d4c001f8b2be4d36 364110 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_ia64.deb 800d65d3f73dc8e4a57793b57465bb54 352374 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_ia64.deb 77ccf3e07aafe064f51a18fd3a29f097 349016 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOwFGoAAoJEEvpbjz8HoZoloIP/3TaStVApeZTU3Eu+4L6IAGw 65eZONqycwlhx3ar0YJqQo0g6Bis4FSPW4jjX2nWgfDc7w//xIAubHaOTCVv4h+u GRWO3EHRCUV35gomVXrKX12l99iXhG5m/O+SfmgOyizoFTu3HEGcDQAGJogq9FL+ NWM27suP9QvsfYeAhDOIuMVST7/JZPe0cg+8o1wrGgHWqrtxeSyogEFAiAUpqKxI B45W5kQSaekg2jccUdAWPmUqOlnXnJgVEyK2yR/YgJDE+Nou0rLZ3cVMmb7amGwL PEsAxmMreC7BJfxsIPZSihp4mDU1BlcuUoIBHzhQWPbvRKIDWHQtBnMoDbSxyaOk ssnnd0eC2jJCVQGGhr01c7wtawkfJjH/wfxiBjPIwarQUHREmpgkdKtMWdSrZ0Dl BOo8redr7qp396+qiS4r+oH6Q+FsOSQaFBja0tbzSAACfowXWfd7QzzSLuyvcy7Z vDRDWpdZSa73UZ9AbTMrHuBF//x9OrxA4ZYoILN0qeqvctcY6GDHLorKsmS5lEa9 97S6z0Wvgpsuwf4ZnS9bilnoDjG/xxBC9Zo2XRtvKj2TiNcVkWDyzX2n5g3Vj8q+ zJH/kyOrFVJGmVgRE0AX6Bco4+1s8fVKzmhilNhnZNzejz8ZCkv+A2ir9lo8nH7e QYUObOi2MrBG1sdL13Bq =f1HN -----END PGP SIGNATURE-----