MGASA-2019-0385

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-19269

Published: 13 Dec 2019, 18:25

Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Dec 2019, 18:25

Published

Vulnerability first disclosed

16 Apr 2026, 04:26

Last Modified

Vulnerability information updated

Description

Updated proftpd packages fix security vulnerability An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup (CVE-2019-19269).

Affected Systems

mageia•proftpd
< 1.3.5e-4.2.mga7

References (3)

https://advisories.mageia.org/MGASA-2019-0385.html
https://bugs.mageia.org/show_bug.cgi?id=25844
https://www.debian.org/lts/security/2019/dla-2018