From $URL: Fabian Vogt reported via email that while debugging an issue with libssh+mod_sftp, he accidentially stumbled upon a reliable way to crash the proftpd server process (ProFTPD Version 1.3.6d): ssh user@server scp This causes sftp_scp_set_params to call getopt() with argc=2 and argv of ["scp", NULL], which leads to a null deref in getopt(). This does not happen with plain scp as client, because it passes the target path as non-option argument and so getopt() does not even reach the invalid last argv pointer.
Maintainer, please bump to 1.3.7.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f696442ef121d976168fed565b7e76cb4c6ab5a6 commit f696442ef121d976168fed565b7e76cb4c6ab5a6 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-07-21 07:16:01 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-07-21 07:16:18 +0000 net-ftp/proftpd: bump up to 1.3.7 Bug: https://bugs.gentoo.org/733376 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> net-ftp/proftpd/Manifest | 1 + net-ftp/proftpd/proftpd-1.3.7.ebuild | 275 +++++++++++++++++++++++++++++++++++ 2 files changed, 276 insertions(+)
commit 931ba0027e9147bb1c40346d49718518195a105b Author: Sergei Trofimovich <slyfox@gentoo.org> Date: Tue Jul 21 19:15:05 2020 +0100 net-ftp/proftpd: bump up to 1.3.7a Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> create mode 100644 net-ftp/proftpd/proftpd-1.3.7a.ebuild commit 67a88ab29c7b4fc82630528bbef7ec270094c651 Author: Sergei Trofimovich <slyfox@gentoo.org> Date: Tue Jul 21 19:16:00 2020 +0100 profiles/package.mask: drop proftpd-1.3.7 mask The 1.3.7 ebuild is removed and fixed 1.3.7a version is available. Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> Thanks Sergei. Let's stable 1.3.7a when ready.
ping
Tree is clean: commit 6e34b2123f7d2fa2d3c09c422e0ccae037b58353 Author: Sergei Trofimovich <slyfox@gentoo.org> Date: Mon Sep 7 21:45:21 2020 +0100 net-ftp/proftpd: drop old Package-Manager: Portage-3.0.5, Repoman-3.0.1 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> delete mode 100644 net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild
New GLSA request filed.
This issue was resolved and addressed in GLSA 202009-11 at https://security.gentoo.org/glsa/202009-11 by GLSA coordinator Thomas Deutschmann (whissi).