Oval Definition:oval:org.mitre.oval:def:13366
Revision Date:2014-06-23Version:19
Title:DSA-1925-1 proftpd-dfsg -- insufficient input validation
Description:It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. For the stable distribution, this problem has been fixed in version 1.3.1-17lenny4. For the oldstable distribution, this problem has been fixed in version 1.3.0-19etch3. Binaries for the amd64 architecture will be released once they are available. For the testing distribution and the unstable distribution , this problem has been fixed in version 1.3.2a-2. We recommend that you upgrade your proftpd-dfsg packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-3639
DSA-1925-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):proftpd-dfsg
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • proftpd-pgsql DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-doc DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-ldap DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-mysql DPKG is earlier than 1.3.0-19etch3
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is hppa
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is mipsel
  • OR Installed architecture is arm
  • AND proftpd DPKG is earlier than 1.3.0-19etch3
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • proftpd-pgsql DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-doc DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-ldap DPKG is earlier than 1.3.0-19etch3
  • OR proftpd-mysql DPKG is earlier than 1.3.0-19etch3
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is hppa
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is mipsel
  • OR Installed architecture is arm
  • AND proftpd DPKG is earlier than 1.3.0-19etch3
  • BACK