From 6b7a0197f94098316775625839bb334572ae5f63 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Thu, 1 Jan 2026 10:16:28 +0100 Subject: proftpd: set status of CVE-2001-0027 This ancient CVE [1] is unversioned ("*") in NVD DB. "mod_sqlpw module in ProFTPD does not reset a cached password..." Looking at history and changelog, the module was removed [2] around the time when this CVE was published, likely as reaction to this CVE. "mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the distribution. They are currently unmaintained and have numerous bugs." Note: It was later re-introduced as mod_sql when it got fixed under new maintainer. [1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027 [2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362 Signed-off-by: Peter Marko Signed-off-by: Khem Raj (cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3) Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE) Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb | 3 +++ 1 file changed, 3 insertions(+) (limited to 'meta-networking') diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb index 345c714a52..b8f2b50f79 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb @@ -25,6 +25,9 @@ S = "${WORKDIR}/git" inherit autotools-brokensep useradd update-rc.d systemd multilib_script +# fixed-version: version 1.2.0rc3 removed affected module +CVE_CHECK_IGNORE += "CVE-2001-0027" + PACKAGECONFIG ??= "shadow \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 pam', d)} \ static \ -- cgit v1.2.3-54-g00ecf