proftpd: ignore CVE-2021-47865

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5-year-old Github issue[1], and has been made
public recently. The CVE hasn't been officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configure proftpd to
accept a maximum of x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.

See also discussion in the Github issue.

It seems that it won't be fixed, because there is nothing to fix.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gyorgy Sarvari 2026-02-02 17:37:11 +01:00 committed by Khem Raj
parent c08c81ae29
commit 2865b67e29
GPG Key ID: BB053355919D3314


@ -25,6 +25,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+\w?))"
CVE_VERSION_SUFFIX = "alphabetical" CVE_VERSION_SUFFIX = "alphabetical"
CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module"
CVE_STATUS[CVE-2021-47865] = "upstream-wontfix: it is not a vulnerability but inproper configuration"
EXTRA_OECONF += "--enable-largefile INSTALL=install" EXTRA_OECONF += "--enable-largefile INSTALL=install"
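Review bot: the new CVE_STATUS line has a spelling error in its justification string ("inproper" should be "improper"); since this text is what cve-check reports to anyone auditing the ignore list, suggest `CVE_STATUS[CVE-2021-47865] = "upstream-wontfix: it is not a vulnerability but improper configuration"`. It would also help a later reviewer if the string pointed at the upstream issue referenced in the commit message (https://github.com/proftpd/proftpd/issues/1298), so the reasoning behind the ignore is discoverable from the recipe alone.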