[prev in list] [next in list] [prev in thread] [next in thread] 

List:       proftpd-users
Subject:    Re: [Proftpd-user] Vulnerability
From:       "TJ Saunders" <tj () castaglia ! org>
Date:       2019-07-27 21:16:40
Message-ID: d139506c-30b2-45f5-9b71-7fd441f7caf4 () www ! fastmail ! com
[Download RAW message or body]


> Are there any plans to address this issue?
> 
> https://www.cvedetails.com/cve/CVE-2019-12815/

See:
  http://bugs.proftpd.org/show_bug.cgi?id=4372

I have not yet had enough time to prepare releases with this fix incorporated.

In the mean time, if you don't use/need mod_copy, then adding:

  <IfModule mod_copy.c>
    CopyEngine off
  </IfModule>

to your proftpd.conf should suffice.  Otherwise, you can apply the patch (see above \
ticket and its associated PR) until the releases are available.

Cheers,
TJ


_______________________________________________
ProFTPD Users List   <proftpd-users@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html


[prev in list] [next in list] [prev in thread] [next in thread]