Summary: | <net-ftp/proftpd-1.3.6b-r1: NULL pointer dereference when validating the certificate of a client connecting to the server (CVE-2019-19269) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | slyfox |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/proftpd/proftpd/issues/861 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | net-ftp/proftpd-1.3.6b-r1 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-12-02 22:22:54 UTC
Upstream fix:
https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master)
https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2c36f1aded32d1feee68284b3823a77a027ff04

commit e2c36f1aded32d1feee68284b3823a77a027ff04
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-12-02 22:52:15 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-12-02 22:52:42 +0000

net-ftp/proftpd: CVE-2019-19269 fix, bug #701814

Pick upstream commit be8e1687819cb6 ("Issue #859, #861: Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers.")

Bug: https://bugs.gentoo.org/701814
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

.../files/proftpd-1.3.6b-tls-crl-crash.patch | 40 +++
net-ftp/proftpd/proftpd-1.3.6b-r1.ebuild | 275 +++++++++++++++++++++
2 files changed, 315 insertions(+)

Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 202003-35 at https://security.gentoo.org/glsa/202003-35 by GLSA coordinator Thomas Deutschmann (whissi).