[ubuntu/jaunty-security] proftpd-dfsg_1.3.1-17ubuntu1.1_hppa_translations.tar.gz, proftpd-dfsg_1.3.1-17ubuntu1.1_sparc_translations.tar.gz (delayed), proftpd-dfsg_1.3.1-17ubuntu1.1_lpia_translations.tar.gz, proftpd-dfsg, proftpd-dfsg_1.3.1-17ubuntu1.1_armel_translations.tar.gz, proftpd-dfsg_1.3.1-17ubuntu1.1_amd64_translations.tar.gz, proftpd-dfsg_1.3.1-17ubuntu1.1_i386_translations.tar.gz, proftpd-dfsg_1.3.1-17ubuntu1.1_ia64_translations.tar.gz, proftpd-dfsg_1.3.1-17ubuntu1.1_powerpc_translations.tar.gz 1.3.1-17ubuntu1.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jan 20 23:03:23 GMT 2010


proftpd-dfsg (1.3.1-17ubuntu1.1) jaunty-security; urgency=low

  * Security: added 3124.dpatch patch to manage another SQL injection due to %
    variable substitution in user/group names. This is fixed in 1.3.2. This is
    CVE-2009-0542. (LP: #508738)

  * Security: added 3173fix.dpatch to use PQescapeStringConn() instead of the
    deprecated PQescapeString(), which does not honour the encoding.
    This is referred to the previous fix of #3173 aka CVE-2009-0543.

  * Security: added 3275.dpatch as taken from 1.3.2b branch to fix
    CVE-2009-3639.

Date: Tue, 19 Jan 2010 19:14:30 +0100
Changed-By: Jan Hagemeyer <janhg at et.uni-paderborn.de>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/proftpd-dfsg/1.3.1-17ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Tue, 19 Jan 2010 19:14:30 +0100
Source: proftpd-dfsg
Binary: proftpd proftpd-basic proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap
Architecture: source
Version: 1.3.1-17ubuntu1.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Jan Hagemeyer <janhg at et.uni-paderborn.de>
Description: 
 proftpd    - versatile, virtual-hosting FTP daemon
 proftpd-basic - versatile, virtual-hosting FTP daemon - binaries
 proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
 proftpd-mod-ldap - versatile, virtual-hosting FTP daemon - LDAP module
 proftpd-mod-mysql - versatile, virtual-hosting FTP daemon - MySQL module
 proftpd-mod-pgsql - versatile, virtual-hosting FTP daemon - PostgreSQL module
Launchpad-Bugs-Fixed: 508738
Changes: 
 proftpd-dfsg (1.3.1-17ubuntu1.1) jaunty-security; urgency=low
 .
   * Security: added 3124.dpatch patch to manage another SQL injection due to %
     variable substitution in user/group names. This is fixed in 1.3.2. This is
     CVE-2009-0542. (LP: #508738)
 .
   * Security: added 3173fix.dpatch to use PQescapeStringConn() instead of the
     deprecated PQescapeString(), which does not honour the encoding.
     This is referred to the previous fix of #3173 aka CVE-2009-0543.
 .
   * Security: added 3275.dpatch as taken from 1.3.2b branch to fix
     CVE-2009-3639.
Checksums-Sha1: 
 e6562f220ac8b74ce78d5bf1e11d80a49eb3e072 1435 proftpd-dfsg_1.3.1-17ubuntu1.1.dsc
 7729f0cc71d57e9e94b85a338816d5e91ccaace8 103356 proftpd-dfsg_1.3.1-17ubuntu1.1.diff.gz
Checksums-Sha256: 
 ba91ab8636b388da3b4052f008537dd08dd8f8e4b9a2929b7605b8369b862852 1435 proftpd-dfsg_1.3.1-17ubuntu1.1.dsc
 15059494b4f67da58e7f9929792e32ed80b6bfdd448158097cdf83807281a76a 103356 proftpd-dfsg_1.3.1-17ubuntu1.1.diff.gz
Files: 
 5dc51fe4e85d2a19975baeb8a4fc8102 1435 net optional proftpd-dfsg_1.3.1-17ubuntu1.1.dsc
 72403cf5d6a5a14b9b0d282a6fd6b2d8 103356 net optional proftpd-dfsg_1.3.1-17ubuntu1.1.diff.gz
Original-Maintainer: Francesco Paolo Lovergine <frankie at debian.org>


More information about the Jaunty-changes mailing list