diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-11-15 19:23:11 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-11-17 11:50:20 +0530 |
| commit | 1a6b962e47873171f1c5ef7ba239c1f2a570d6f1 (patch) | |
| tree | 8d3e1fc2f1ad943b40714029ba1e67ae0134c6de /meta-networking | |
| parent | 03f418d36b1184f7bf142cb040b5c0faa93756c3 (diff) | |
| download | meta-openembedded-1a6b962e47873171f1c5ef7ba239c1f2a570d6f1.tar.gz | |
proftpd: set status of CVE-2001-0027
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb index be434a58c2..312fe24387 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb | |||
| @@ -23,6 +23,8 @@ S = "${WORKDIR}/git" | |||
| 23 | 23 | ||
| 24 | inherit autotools-brokensep useradd update-rc.d systemd multilib_script | 24 | inherit autotools-brokensep useradd update-rc.d systemd multilib_script |
| 25 | 25 | ||
| 26 | CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" | ||
| 27 | |||
| 26 | EXTRA_OECONF += "--enable-largefile" | 28 | EXTRA_OECONF += "--enable-largefile" |
| 27 | 29 | ||
| 28 | PACKAGECONFIG ??= "shadow \ | 30 | PACKAGECONFIG ??= "shadow \ |
