proftpd: set status of CVE-2001-0027

This ancient CVE [1] is unversioned ("*") in NVD DB. "mod_sqlpw module in ProFTPD does not reset a cached password..." Looking at history and changelog, the module was removed [2] around the time when this CVE was published, likely as reaction to this CVE. "mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the distribution. They are currently unmaintained and have numerous bugs." Note: It was later re-introduced as mod_sql when it got fixed under new maintainer. [1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027 [2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-02 02:49:12 +00:00 · 2024-12-10 19:52:23 +01:00 · 2024-12-10 19:52:23 +01:00 · 7070f90c86
commit 7070f90c86
parent 76f46c61b5
1 changed files with 2 additions and 0 deletions
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.8b.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.8b.bb
@ -21,6 +21,8 @@ S = "${WORKDIR}/git"

 inherit autotools-brokensep useradd update-rc.d systemd multilib_script

+CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module"
+
 EXTRA_OECONF += "--enable-largefile INSTALL=install"

 PACKAGECONFIG ??= "shadow \