package/proftpd: security bump to version 1.3.6e

1.3.6e --------- + Fixed null pointer deference in mod_sftp when using SCP incorrectly (Issue #1043). 1.3.6d --------- + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959). 1.3.6c --------- + Fixed regression in directory listing latency (Issue #863). + Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for converting them to supported format. + Fixed use-after-free vulnerability during data transfers (Issue #903) [CVE-2020-9273] + Fixed out-of-bounds read in mod_cap by updating the bundled libcap (Issue #902) [CVE-2020-9272] http://proftpd.org/docs/RELEASE_NOTES-1.3.6e Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Peter: mark as security bump, add CVEs] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 7ba4aa9298) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-27 21:11:28 +01:00 · 2020-11-27 21:11:28 +01:00 · ba3cf130ef
parent 0ac9e8c074
commit ba3cf130ef
2 changed files with 2 additions and 2 deletions
--- a/package/proftpd/proftpd.hash
+++ b/package/proftpd/proftpd.hash
@ -1,3 +1,3 @@
 # Locally calculated
-sha256  fa3541c4b34136a7b80cb12a2f6f9a0cab5118a5b0a1653d40af49c6479c35ad  proftpd-1.3.6c.tar.gz
+sha256  2dbe684034ab592742ebdb778a8a234b70f959efeb30feedee3ea77f26f74fbb  proftpd-1.3.6e.tar.gz
 sha256  391a473d755c29b5326fb726326ff3c37e42512f53a8f5789fc310232150bf80  COPYING
--- a/package/proftpd/proftpd.mk
+++ b/package/proftpd/proftpd.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-PROFTPD_VERSION = 1.3.6c
+PROFTPD_VERSION = 1.3.6e
 PROFTPD_SITE = $(call github,proftpd,proftpd,v$(PROFTPD_VERSION))
 PROFTPD_LICENSE = GPL-2.0+
 PROFTPD_LICENSE_FILES = COPYING