From ${URL} : Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1419 to the following vulnerability: Name: CVE-2015-1419 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1419 Assigned: 20150127 Reference: http://secunia.com/advisories/62415 Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2015-1419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1419): Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
While Red Hat not consider this issue as a security flaw because man page document the behavior, SuSE and Debian are carrying https://anonscm.debian.org/cgit/collab-maint/vsftpd.git/tree/debian/patches/0050-CVE-2015-1419.patch @ Maintainer(s): Please tell us how you want to proceed here. Are you going to rev-bump and include the patch as well?