Summary: | <net-ftp/proftpd-1.3.6-r5: file copy vulnerability in mod_copy allows for remote code execution (CVE-2019-12815) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | slyfox |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
net-ftp/proftpd-1.3.6-r5
|
Runtime testing required: | No |
Description
GLSAMaker/CVETool Bot
2019-07-23 20:25:36 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a15285681e428f4d4800705b1561db599c3cf79 commit 7a15285681e428f4d4800705b1561db599c3cf79 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-07-24 06:40:13 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-07-24 06:40:45 +0000 net-ftp/proftpd: fix mod_copy RCE, bug #690528 Also known as CVE-2019-12815. Bug: https://bugs.gentoo.org/690528 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> net-ftp/proftpd/files/proftpd-1.3.6-mod_copy.patch | 96 +++++++ net-ftp/proftpd/proftpd-1.3.6-r5.ebuild | 275 +++++++++++++++++++++ 2 files changed, 371 insertions(+) Arches, please stabilize =net-ftp/proftpd-1.3.6-r5 for the following target keywords: KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" Thanks! x86 stable amd64 stable ppc64 stable ppc stable hppa/sparc stable ia64 stable arm stable alpha stable @maintainer, please drop vulnerable. This issue was resolved and addressed in GLSA 201908-16 at https://security.gentoo.org/glsa/201908-16 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3a7f7abcd42b96eb6ffeccdf180049f1e4e0a6f commit f3a7f7abcd42b96eb6ffeccdf180049f1e4e0a6f Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-08-15 18:43:24 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-08-15 18:44:10 +0000 net-ftp/proftpd: drop old Bug: https://bugs.gentoo.org/690528 Package-Manager: Portage-2.3.71, Repoman-2.3.17 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> net-ftp/proftpd/proftpd-1.3.6-r3.ebuild | 272 ------------------------------- net-ftp/proftpd/proftpd-1.3.6-r4.ebuild | 274 -------------------------------- 2 files changed, 546 deletions(-) Repository is clean, all done! |