makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "proftpd-mod-ldap-dbgsym": "1.3.8.b+dfsg-1", "proftpd-doc": "1.3.8.b+dfsg-1", "proftpd-core-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-geoip-dbgsym": "1.3.8.b+dfsg-1", "proftpd-core": "1.3.8.b+dfsg-1", "proftpd-mod-crypto-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-ldap": "1.3.8.b+dfsg-1", "proftpd-mod-mysql-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-pgsql-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-mysql": "1.3.8.b+dfsg-1", "proftpd-mod-wrap": "1.3.8.b+dfsg-1", "proftpd-dev": "1.3.8.b+dfsg-1", "proftpd-mod-snmp": "1.3.8.b+dfsg-1", "proftpd-mod-geoip": "1.3.8.b+dfsg-1", "proftpd-mod-odbc": "1.3.8.b+dfsg-1", "proftpd-mod-pgsql": "1.3.8.b+dfsg-1", "proftpd-mod-sqlite": "1.3.8.b+dfsg-1", "proftpd-mod-snmp-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-wrap-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-odbc-dbgsym": "1.3.8.b+dfsg-1", "proftpd-mod-crypto": "1.3.8.b+dfsg-1", "proftpd-mod-sqlite-dbgsym": "1.3.8.b+dfsg-1" } ] }