Bug 699520 (CVE-2019-18217)

Summary: <net-ftp/proftpd-1.3.6b: denial of service due to incorrect handling of long command (CVE-2019-18217)
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: slyfox
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/proftpd/proftpd/issues/846
Whiteboard: B3 [glsa+ cve]
Package list:
net-ftp/proftpd-1.3.6b
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2019-11-07 12:30:38 UTC
proftpd 1.3.6b fixes a pre-auth denial of service vulnerability, which is CVE-2019-18217.

I haven't found an existing bug for it. Update is already in the tree, but not stabilized yet. Can we stabilize?
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2019-11-07 23:11:57 UTC
Sure.
Comment 2 Rolf Eike Beer archtester 2019-11-09 14:36:25 UTC
sparc stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-11-12 10:06:12 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-11-12 10:46:29 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-11-12 15:10:07 UTC
ppc64 stable
Comment 6 Rolf Eike Beer archtester 2019-11-12 18:10:16 UTC
hppa stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-11-13 07:40:34 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-11-14 11:57:30 UTC
ia64 stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-11-27 13:39:50 UTC
arm stable
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2020-03-15 06:38:09 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: Yes
New GLSA Request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2020-03-16 21:10:43 UTC
This issue was resolved and addressed in GLSA 202003-35 at https://security.gentoo.org/glsa/202003-35 by GLSA coordinator Thomas Deutschmann (whissi).