[Bug 905252] Re: CVE-2011-4130
Ubuntu Foundation's Bug Bot
905252 at bugs.launchpad.net
Fri Dec 16 16:14:14 UTC 2011
The attachment "proftpd-dfsg_natty.debdiff" of this bug report has been
identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch you can resolve this situation by removing the tag
'patch' from the bug report and editing the attachment so that it is not
flagged as a patch. Additionally, if you are member of the ubuntu-
sponsors team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by
Brian Murray. Please contact him regarding any issues with the action
taken in this bug report.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/905252
Title:
CVE-2011-4130
Status in “proftpd-dfsg” package in Ubuntu:
In Progress
Bug description:
Description
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4130
- https://launchpad.net/bugs/cve/CVE-2011-4130
- http://security-tracker.debian.net/tracker/CVE-2011-4130
Effected:
- Lucid
- Maverick
- Natty
- Oneiric
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/905252/+subscriptions
More information about the Ubuntu-sponsors
mailing list