Ubuntu
proftpd-dfsg package

proftpd-dfsg 1.3.5e-1build1 Ubuntu 18.04 Fix Release

Asked by Aya Ibrahim

When is the Fix for CVE-2020-9273 going to be released for proftpd-dfsg 1.3.5e-1build1 Ubuntu 18.04?
I can see only 1.3.6 was released last Friday and it's a very critical vulnerability.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu proftpd-dfsg Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

https://launchpad.net/ubuntu/+source/proftpd-dfsg/+changelog

Its been patched in Focal according to the changelog. I suggest you report a bug to get it patched in Bionic as well.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#2

proftpd is in the "universe" repository, so it is only supported by the community and not by Canonical.

This means that some enthusiast has to collect the required patches and build a new version with these.

For reference:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9273.html
https://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html

Can you help with this problem?

Provide an answer of your own, or ask Aya Ibrahim for more information if necessary.

To post a message you must log in.