Ubuntu
vsftpd package

New upstream version supports modern TLS version

Bug #1960837 reported by Elfranne
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vsftpd (Ubuntu)
Fix Released
Undecided
Sergio Durigan Junior

Bug Description

Upstream version has been updated to support modern TLS versions (TLS 1.2 and TLS1.3):

https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz
https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz.asc
https://security.appspot.com/vsftpd/Changelog.txt
https://security.appspot.com/vsftpd.html#download

This would also close https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1804430

The current version uses insecure DES-CBC3-SHA cipher as default cipher (according to man vsftp.conf).

Related branches

~sergiodj/ubuntu/+source/vsftpd:update-3.0.5-jammy
Utkarsh Gupta (community): Approve
Andreas Hasenack: Approve
Diff: 1116 lines (+392/-124)
25 files modified
Changelog (+19/-0)
README (+1/-1)
debian/changelog (+7/-0)
debian/control (+2/-1)
debian/patches/0002-config.patch (+16/-16)
debian/patches/0004-link-local.patch (+13/-13)
debian/patches/0005-whitespaces.patch (+20/-20)
debian/patches/0007-utf8.patch (+21/-21)
debian/patches/0055-set_default_listen.patch (+4/-4)
debian/patches/0060-seccomp_sandbox.patch (+4/-4)
debian/patches/0065-upload_download_filename_pattern.patch (+35/-21)
debian/patches/0077-fix-typo.patch (+4/-4)
main.c (+1/-1)
parseconf.c (+4/-0)
prelogin.c (+13/-0)
seccompsandbox.c (+15/-0)
session.h (+1/-0)
ssl.c (+152/-0)
sysstr.c (+1/-1)
sysutil.h (+2/-1)
tunables.c (+9/-1)
tunables.h (+5/-1)
vsf_findlibs.sh (+8/-9)
vsftpd.conf.5 (+34/-4)
vsftpver.h (+1/-1)
Hans Joachim Desserud (hjd)
tags: added: upgrade-software-version
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for taking the time to file this bug and trying to make Ubuntu better.

This is indeed something that we should ship in the next LTS release. We do not carry any delta compared to the version in Debian, I'll ping the Debian maintainer to try to get this new version there and then sync it into Ubuntu.

Changed in vsftpd (Ubuntu):
status: New → Triaged
tags: added: server-todo
Lucas Kanashiro (lucaskanashiro)
Changed in vsftpd (Ubuntu):
assignee: nobody → Lucas Kanashiro (lucaskanashiro)
Lucas Kanashiro (lucaskanashiro)
Changed in vsftpd (Ubuntu):
assignee: Lucas Kanashiro (lucaskanashiro) → nobody
assignee: nobody → Sergio Durigan Junior (sergiodj)
tags: added: server-next
removed: server-todo
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vsftpd - 3.0.5-0ubuntu1

---------------
vsftpd (3.0.5-0ubuntu1) jammy; urgency=medium

  * New upstream release: 3.0.5 (LP: #1960837, #1804430)
  * d/p: Refresh patches against new upstream release.

 -- Sergio Durigan Junior <email address hidden> Wed, 23 Feb 2022 13:31:08 -0500

Changed in vsftpd (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.