proftpd: set status of CVE-2001-0027

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-15 06:10:02 +00:00

This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."

Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."

Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.

[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

This commit is contained in:

Peter Marko

2025-11-15 19:23:11 +01:00

committed by

Anuj Mittal

parent 03f418d36b

commit 1a6b962e47

1 changed files with 2 additions and 0 deletions

									
										meta-networking/recipes-daemons/proftpd/proftpd_1.3.7f.bb
									
		+2
		
												View File
												
				@@ -23,6 +23,8 @@ S = "${WORKDIR}/git"

				inherit autotools-brokensep useradd update-rc.d systemd multilib_script

				CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module"

				EXTRA_OECONF += "--enable-largefile"

				PACKAGECONFIG ??= "shadow \