{"affected":[{"ecosystem_specific":{"binaries":[{"uftpd":"2.12-lp151.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"uftpd","purl":"pkg:rpm/opensuse/uftpd&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.12-lp151.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for uftpd fixes the following issues:\n\nuftpd was updated to version 2.12.\n\nChanges:\n\n* Use common log message format and log level when user enters\n  an invalid path. This unfortunately affects changes introduced\n  in v2.11 to increase logging at default log level.\n\nSecurity fixes:\n\n- CVE-2020-14149: When entering an invalid directory with the FTP\n  command CWD, a NULL ptr was deref. in a DBG() message even\n  though the log level is set to a value lower than LOG_DEBUG.\n  This caused uftpd to crash and cause denial of service.\n  Depending on the init/inetd system used this could be\n  permanent. (boo#1172959)\n","id":"openSUSE-SU-2020:0865-1","modified":"2020-06-25T12:18:25Z","published":"2020-06-25T12:18:25Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7ZZVJKHMYEKLIWMJZN53DLSBGWMF5BNS/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14149"}],"related":["CVE-2020-14149"],"summary":"Security update for uftpd","upstream":["CVE-2020-14149"]}