[Buildroot] [PATCH] package/proftpd: security bump to version 1.3.6c
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 16:47:41 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-9273: In ProFTPD 1.3.7, it is possible to corrupt the memory pool
> by interrupting the data transfer channel. This triggers a use-after-free
> in alloc_pool in pool.c, and possible remote code execution.
> And additionally, fixes a number of other issues. For details, see the
> release notes:
> https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
> This also bumps the bundled libcap, so
> 0001-fix-kernel-header-capability-version.patch can be dropped.
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list