FEDORA-EPEL-2019-ef655ec55e

security update in Fedora EPEL 7 for proftpd

Status: stable a month ago

This update addresses an arbitrary file copy vulnerability in mod_copy in ProFTPD, which allowed for remote code execution and information disclosure without authentication due to not honoring <Limit> constraints.

Upstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372

The upstream fix for this issue has been back-ported to ProFTPD 1.3.5e for EPEL-7.

Comments 7

This update has been submitted for testing by pghmcfc.

This update test gating status has been changed to 'waiting'.

This update test gating status has been changed to 'ignored'.

This update has been pushed to testing.

This update can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by pghmcfc.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -1
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 months ago
in testing 2 months ago
in stable a month ago

Related Bugs 2

00 #1732365 CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution
00 #1732367 CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [epel-all]

Automated Test Results