proftpd: ignore CVE-2021-47865 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-02-02 17:37:11 +0100
committer	Khem Raj <raj.khem@gmail.com>	2026-02-04 20:53:29 -0800
commit	2865b67e293ebfc706a5531ef79bfb9826d8cc6d (patch)
tree	94551ae7fbad88f94462d83f29a21cdf158950f0 /meta-python/recipes-devtools/python
parent	c08c81ae29baf53b11caba0fc7015eeec3836f69 (diff)
download	meta-openembedded-2865b67e293ebfc706a5531ef79bfb9826d8cc6d.tar.gz

proftpd: ignore CVE-2021-47865

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865 This CVE was opened based on a 5 years old Github issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected. The vulnerability description and the PoC basically configures proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit. See also discussion in the Github issue. It seems that it won't be fixed, because there is nothing to fix. [1]: https://github.com/proftpd/proftpd/issues/1298 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: