[Bug 1613737] Re: Proftpd - MLSD lines not properly terminated with CRLF

[Simon Quigley]

Unsubscribing ~ubuntu-sponsors for now because this is not ready to
sponsor quite yet.

Please fill out the bug report as requested for SRUs in
https://wiki.ubuntu.com/StableReleaseUpdates and resubscribe once that
is done. Also, in your debdiff, please use the version "1.3.5a-1.1"
instead of "1.3.5a-1build2"; the Security Team has a nice page
describing version numbers in stable releases:
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
- and I would also exclude mention of that from the DEP-3 header (thanks
for that!).

Thank you for your contribution to Ubuntu, and I look forward to getting
this sorted!

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1613737

Title:
  Proftpd - MLSD lines not properly terminated with CRLF

Status in Proftpd Dfsg:
  Fix Released
Status in proftpd-dfsg package in Ubuntu:
  Confirmed

Bug description:
  A bug exists in Proftpd version 1.3.5a. which causes ssl sessions to
  fail or timeout with some clients

  Excerpt from http://bugs.proftpd.org/show_bug.cgi?id=4202

  Server seems to send an improperly formatted response causing some clients to
  time out.

  Log from ftptest.net:
  [snip]
  Command: TYPE I
  Reply: 200 Type set to I
  Command: EPSV
  Reply: 229 Entering Extended Passive Mode (|||45766|)
  Command: MLSD
  Status: Data connection established.
  Reply: 150 Opening BINARY mode data connection for MLSD
  Error: Malformed directory listing
  Error: Line feed received without preceding carriage return

  This bug has been fixed upstream in version 1.3.5b I recommend getting
  this fixed this is causing a lot of havoc with my servers I've had to
  delay my rollout of 16.04 because of this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/proftpd-dfsg/+bug/1613737/+subscriptions