Package name
Advisory ID
Affected versions
10.0 amd64 , 10.0 i586

Problem description

A portability workaround that was applied in version 1.2.9 of the ProFTPD FTP server caused CIDR based ACL entries in "Allow" and "Deny" directives to act like an "AllowAll" directive. This granted FTP clients access to files and directories that the server configuration may have been explicitly denying. This problem only exists in version 1.2.9 and has been fixed upstream. A patch has been applied to correct the problem.

Updated packages

10.0 amd64

 1d665bfd8672682a6e7383a55b313c46  amd64/10.0/RPMS/proftpd-1.2.9-3.1.100mdk.amd64.rpm
073f7a0ba4fc179654a36ea1b11ac059  amd64/10.0/RPMS/proftpd-anonymous-1.2.9-3.1.100mdk.amd64.rpm
55c01dbc795e68adde5714b6ebef1c38  amd64/10.0/SRPMS/proftpd-1.2.9-3.1.100mdk.src.rpm

10.0 i586

 101925465015f7306e3fcf42db6c6c9b  10.0/RPMS/proftpd-1.2.9-3.1.100mdk.i586.rpm
f528f42bb43e0f8cdcb8d6bb43b8c072  10.0/RPMS/proftpd-anonymous-1.2.9-3.1.100mdk.i586.rpm
55c01dbc795e68adde5714b6ebef1c38  10.0/SRPMS/proftpd-1.2.9-3.1.100mdk.src.rpm