diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-02-07 11:33:49 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-02-12 13:38:12 +0530 |
| commit | d691a39655c535e4a47c8ad0afe6f8c57f65ef5a (patch) | |
| tree | 3f34ac2a11d7633db02c11bba236a507b3fb80b3 /meta-networking | |
| parent | a56aafa0a6d839dceeb889faba1250fab033810e (diff) | |
| download | meta-openembedded-d691a39655c535e4a47c8ad0afe6f8c57f65ef5a.tar.gz | |
proftpd: ignore CVE-2021-47865
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
It seems that it won't be fixed, because there is nothing to fix.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb index 2c93393e68..2004595e6e 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb | |||
| @@ -26,6 +26,7 @@ S = "${WORKDIR}/git" | |||
| 26 | inherit autotools-brokensep useradd update-rc.d systemd multilib_script | 26 | inherit autotools-brokensep useradd update-rc.d systemd multilib_script |
| 27 | 27 | ||
| 28 | CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" | 28 | CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" |
| 29 | CVE_STATUS[CVE-2021-47865] = "upstream-wontfix: it is not a vulnerability but inproper configuration" | ||
| 29 | 30 | ||
| 30 | EXTRA_OECONF += "--enable-largefile" | 31 | EXTRA_OECONF += "--enable-largefile" |
| 31 | 32 | ||
