-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 13 Nov 2011 23:17:40 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite Architecture: sparc Version: 1.3.3a-6squeeze4 Distribution: squeeze-security Urgency: low Maintainer: sparc Build Daemon (spontini) Changed-By: Francesco Paolo Lovergine Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 648373 Changes: proftpd-dfsg (1.3.3a-6squeeze4) stable-security; urgency=low . * [SECURITY] 3711.dpatch. This patch fixes a response pool use-after-free memory corruption error. This is CVE-2011-4130. (closes: #648373) * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to clear the buffers of any data received from the client, once the SSL/TLS handshake has succeded. This is similar to CVE-2011-0411. Checksums-Sha1: c53df84545a5e91ed3e56cee5955f6269b394772 2371384 proftpd-basic_1.3.3a-6squeeze4_sparc.deb 55b015bbc55232732d02e12a9c86060261b20320 915356 proftpd-dev_1.3.3a-6squeeze4_sparc.deb cc4594337e6783e9867cf9d6e7b8a947f170faf3 345950 proftpd-mod-mysql_1.3.3a-6squeeze4_sparc.deb ff9fc996c03554e3946de1d4fce08ab0893f9369 346098 proftpd-mod-pgsql_1.3.3a-6squeeze4_sparc.deb e9e51baa36aaad89df607e829a89acfd1d76de0d 356476 proftpd-mod-ldap_1.3.3a-6squeeze4_sparc.deb db7b2252bf1c724c8ed969911cb128eadc5b846d 348078 proftpd-mod-odbc_1.3.3a-6squeeze4_sparc.deb 89f610dccfd9751ff84a12959c6827e5bed3c788 345182 proftpd-mod-sqlite_1.3.3a-6squeeze4_sparc.deb Checksums-Sha256: b0a80c89bb2e3ff5a1014cf63aba1a1e26f83d2e531d6b4427d4f8224ccc18a9 2371384 proftpd-basic_1.3.3a-6squeeze4_sparc.deb 715663fab2d4bc2d2504a92c736ddec1bdc8d4e5ad423d3188110b10c39ea1e7 915356 proftpd-dev_1.3.3a-6squeeze4_sparc.deb 5a17cbb72aec9a781712260301adffc22902d2fc2ede9664094d83d106afad18 345950 proftpd-mod-mysql_1.3.3a-6squeeze4_sparc.deb b091feb3fe79a778f9d41fff43174e93b0bb15a70913e52bdaf609d858afbc20 346098 proftpd-mod-pgsql_1.3.3a-6squeeze4_sparc.deb 6e0ca5412f7f3cc01286d049c1da74faa03f39f3a8a3e71d111fcb957762fabf 356476 proftpd-mod-ldap_1.3.3a-6squeeze4_sparc.deb 4865a64544d40366b1d5ba72264aab37bdb26cb2878f6f3ac9d443e5e38ce413 348078 proftpd-mod-odbc_1.3.3a-6squeeze4_sparc.deb 30c5e6b044a2a10e1a3aef1c2db5e7c4a472ece184883248bd784e6cb02fb68d 345182 proftpd-mod-sqlite_1.3.3a-6squeeze4_sparc.deb Files: 3cf53de488f49308873717ff587cd8d9 2371384 net optional proftpd-basic_1.3.3a-6squeeze4_sparc.deb 4f55055d7cc17bdf6be1378efaabdca3 915356 net optional proftpd-dev_1.3.3a-6squeeze4_sparc.deb 861438d5f0aa8ff4e720ae99717c45ff 345950 net optional proftpd-mod-mysql_1.3.3a-6squeeze4_sparc.deb eae5c5077d01f92f2cff87af655c38d4 346098 net optional proftpd-mod-pgsql_1.3.3a-6squeeze4_sparc.deb 2077203b325d5bc8d9769a7363f60aaa 356476 net optional proftpd-mod-ldap_1.3.3a-6squeeze4_sparc.deb d5592e2a2183b492923c0ed13d006b4e 348078 net optional proftpd-mod-odbc_1.3.3a-6squeeze4_sparc.deb 99031c4a5729013c2be04c4694f79ff5 345182 net optional proftpd-mod-sqlite_1.3.3a-6squeeze4_sparc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOwFPQAAoJEErIoNUNTAQMc0IP/1cgDBKYoUdRilEh75InIUU6 tKaHctGLxsSP0IcplIz63k9+M+ftjxU/D9JEHOu0Gy+m2AEFLI8BZg2l5fdgU5dV uzt835dNg/EugfijlGzNdeaj9znFujXjhjMKJCs6fotjePQ97mtJPtUTfxhtCp7V zBjxTuOYAw0gxdHLyutMfLKbiJuz/QPTqwPdzBkrt1PS/t2I+slfzLqFAN/qcFSz rIquYB6DHNzm7omyufbAMNQP9TRz5lG9kdse1rnli5pQPM7r8/QQ24AOksIwqgpt XxXWYEEwPqUbTE9+AzwwpyXRrD7FKSrh6AJWyLeQYA0j1OAviRcUZ7t/j+ovbQLO NEyE7JhenKW5pRsHJuvAHB4mvTGE87afGh8K1Ok0ghGYRd4WKRNH3LtrAF5sXBmc LilxHp4MHFwutxUp8M8+LMMWYWiaf8JOy7OQvsaamIRA/v7aBL3KBGECnpaozmIs WMhKbhPpo3DkfOYoQEoQAWbhaX1fyCW21EIueytccQM/rNsKKbK26vF0SxG2+Jbh pLBrngSPTi21mXxy8PJmquSBz+1UVhFTdIcfpEcoGcm/mvWm4N6lv4JLndUs6GPo sw0YHKLIBhoHirnRlcrS8xYir5K8hKU2qz2rK22xFS1l7UmtWsIElo0tExfRW46X ascyueZBpJG0HJHnEsNk =OkgN -----END PGP SIGNATURE-----