Debian alert DLA-1873-1 (proftpd-dfsg)

From:
             
 
Markus Koschany <apo@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 1873-1] proftpd-dfsg security update 
Date:
             
 
Wed, 7 Aug 2019 22:40:30 +0200
Message-ID:
             
 
<75b23c3a-1ef6-3845-ca59-730a08192782@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : proftpd-dfsg
Version        : 1.3.5e+r1.3.5-2+deb8u3
CVE ID         : CVE-2019-12815
Debian Bug     : 932453

Tobias Maedel discovered that the mod_copy module of ProFTPD, a
FTP/SFTP/FTPS server, performed incomplete permission validation for the
CPFR/CPTO commands.

For Debian 8 "Jessie", this problem has been fixed in version
1.3.5e+r1.3.5-2+deb8u3.

We recommend that you upgrade your proftpd-dfsg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1LNz1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRqVA//Vi1kzkGMl+sUU6VcVvyCGTPlk+sG50cMmg3KrmMygHt5lh5qzv/WgM0X
+e7dXaxqvB8iYUxN3VhtY4ximhxfj9L7B5wMp8RB6dJ3tBJz+OMnmGNwniIhFcbJ
NKrFXym+jU49GfIhAjl0FxFzby0K21JM+659pp27LeTZ5an/ZxfVTKCd2Aj0dkio
jatECdaC3mMxVR0rLMQcGC/IB3WU77ORhV8NhZknEN0VBYPhM/vjCVsL4RPtv01R
qhIIFiOGfH7PNc7ExBw/yLGDRCz3ZXDrmWXj/v2qBjn6FcngSVJtwc1ep7ruE47l
ccabWYUgkafcRxgufbe83VJi1FJeq1E6anNw68BF26uJH2DIp++eGnSMHh+99Y1E
d+s5qGAoWHYyunp8M8s2CyZGLhQwIoa4TWDORucHbkrDm0s4g+QzhKDMewl3es3G
L6fMYYDH/UtxhG+Yf6ePl88kkrfL4F5sOD5SD5rKKK9dG5fH8r35eaYyGTAxBNvq
2mSwVi5IpTGteJ7IZGryF+Vjj42iX0Pmht5nydrGHhWgdqC2SETOwgNb6irCTRtT
/ZMAZdrp8DVmQ+xjiG/0MGjx1e21g+3NGsnlxs7J+sqclltuUbYJKx+CoKWOlZxW
+tF0g50xWIfAWoEFeG3IClM0/k0qg/cQqs7zQnGhjPu3OFuioI0=
=xriD
-----END PGP SIGNATURE-----