[Buildroot] [PATCH v2, 1/1] package/pure-ftpd: fix CVE-2021-40524
Peter Korsgaard
peter at korsgaard.com
Sun Nov 28 13:37:57 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the
> server allows attackers to upload files of unbounded size, which may
> lead to denial of service or a server hang. This occurs because a
> certain greater-than-zero test does not anticipate an initial -1 value.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> Changes v1 -> v2:
> - Add PURE_FTPD_IGNORE_CVES entry
Committed, thanks.
--
Bye, Peter Korsgaard