Debian Patches

Status for pure-ftpd/1.0.49-4.1

Columns: Patch, Description, Author, Forwarded, Bugs, Origin, Last update

Patch: CVE-2020-9274.diff
Description: commit 8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa

diraliases: always set the tail of the list to NULL

Spotted and reported by Antonio Morales from GitHub Security Labs.
Thanks!

diff --git a/src/diraliases.c b/src/diraliases.c
index 4002a36..fb70273 100644
Author: Frank Denis <github@pureftpd.org>
Forwarded: no
Last update: 2020-02-18

Patch: CVE-2020-9365.diff
Description: commit bf6fcd4935e95128cf22af5924cdc8fe5c0579da

pure_strcmp(): len(s2) can be > len(s1)

Reported by Antonio Morales from GitHub Security Labs, thanks!

diff --git a/src/utils.c b/src/utils.c
index f41492d..5e88104 100644
Author: Frank Denis <github@pureftpd.org>
Forwarded: no
Last update: 2020-02-24

Patch: CVE-2019-20176.diff
Description: commit aea56f4bcb9948d456f3fae4d044fd3fa2e19706

listdir(): reuse a single buffer to store every file name to display

Allocating a new buffer for each entry is useless.

And as these buffers are allocated on the stack, on systems with a
small stack size, with many entries, the limit can easily be reached,
causing a stack exhaustion and aborting the user session.

Reported by Antonio Morales from the GitHub Security Lab team, thanks!

diff --git a/src/ls.c b/src/ls.c
index cf804c7..f8a588f 100644
Author: Frank Denis <github@pureftpd.org>
Forwarded: no
Last update: 2019-12-30

Patch: typos.patch
Forwarded: no
