Fedora has issued an advisory on February 22: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E36XSNXDCOSSYTPKEMAEUAZ6QVQJTSFZ/
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => proftpd-1.3.8c-1.mga10.src.rpm, proftpd-1.3.8c-1.mga9.src.rpm
CVE: (none) => CVE-2024-57392
Status comment: (none) => Patch available from Fedora
openSUSE has issued an advisory on February 21: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/C3HZA5IS6YXHXDULEZHLHWOVCC3IYNGP/
Again, cannot find the patches. Different packagers update this, so assigning globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. (CVE-2024-57392)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E36XSNXDCOSSYTPKEMAEUAZ6QVQJTSFZ/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/C3HZA5IS6YXHXDULEZHLHWOVCC3IYNGP/
========================

Updated packages in core/updates_testing:
========================
proftpd-1.3.8c-1.1.mga9
proftpd-devel-1.3.8c-1.1.mga9
proftpd-mod_autohost-1.3.8c-1.1.mga9
proftpd-mod_ban-1.3.8c-1.1.mga9
proftpd-mod_case-1.3.8c-1.1.mga9
proftpd-mod_ctrls_admin-1.3.8c-1.1.mga9
proftpd-mod_ifsession-1.3.8c-1.1.mga9
proftpd-mod_ldap-1.3.8c-1.1.mga9
proftpd-mod_load-1.3.8c-1.1.mga9
proftpd-mod_memcache-1.3.8c-1.1.mga9
proftpd-mod_quotatab-1.3.8c-1.1.mga9
proftpd-mod_quotatab_file-1.3.8c-1.1.mga9
proftpd-mod_quotatab_ldap-1.3.8c-1.1.mga9
proftpd-mod_quotatab_radius-1.3.8c-1.1.mga9
proftpd-mod_quotatab_sql-1.3.8c-1.1.mga9
proftpd-mod_radius-1.3.8c-1.1.mga9
proftpd-mod_ratio-1.3.8c-1.1.mga9
proftpd-mod_rewrite-1.3.8c-1.1.mga9
proftpd-mod_sftp-1.3.8c-1.1.mga9
proftpd-mod_sftp_pam-1.3.8c-1.1.mga9
proftpd-mod_sftp_sql-1.3.8c-1.1.mga9
proftpd-mod_shaper-1.3.8c-1.1.mga9
proftpd-mod_site_misc-1.3.8c-1.1.mga9
proftpd-mod_sql-1.3.8c-1.1.mga9
proftpd-mod_sql_mysql-1.3.8c-1.1.mga9
proftpd-mod_sql_passwd-1.3.8c-1.1.mga9
proftpd-mod_sql_postgres-1.3.8c-1.1.mga9
proftpd-mod_sql_sqlite-1.3.8c-1.1.mga9
proftpd-mod_tls-1.3.8c-1.1.mga9
proftpd-mod_tls_memcache-1.3.8c-1.1.mga9
proftpd-mod_tls_shmcache-1.3.8c-1.1.mga9
proftpd-mod_unique_id-1.3.8c-1.1.mga9
proftpd-mod_vroot-1.3.8c-1.1.mga9
proftpd-mod_wrap-1.3.8c-1.1.mga9
proftpd-mod_wrap_file-1.3.8c-1.1.mga9
proftpd-mod_wrap_sql-1.3.8c-1.1.mga9

from SRPM:
proftpd-1.3.8c-1.1.mga9.src.rpm
Status: NEW => ASSIGNED
Status comment: Patch available from Fedora => (none)
Version: Cauldron => 9
Source RPM: proftpd-1.3.8c-1.mga10.src.rpm, proftpd-1.3.8c-1.mga9.src.rpm => proftpd-1.3.8c-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Assignee: pkg-bugs => qa-bugs
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 33922 for testing:

# systemctl start proftpd
# systemctl -l status proftpd
● proftpd.service - LSB: ProFTPD FTP server
     Loaded: loaded (/etc/rc.d/init.d/proftpd; generated)
     Active: active (running) since Wed 2025-02-26 14:32:37 CET; 11min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 33026 ExecStart=/etc/rc.d/init.d/proftpd start (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 8806)
     Memory: 2.8M
        CPU: 335ms
     CGroup: /system.slice/proftpd.service
             └─38873 "proftpd: (accepting connections)"

Feb 26 14:32:06 mach3.hviaene.thuis systemd[1]: Starting proftpd.service...
Feb 26 14:32:37 mach3.hviaene.thuis proftpd[33026]: Starting proftpd[ OK ]
Feb 26 14:32:37 mach3.hviaene.thuis systemd[1]: Started proftpd.service.

After opening firewall for ftp on both sides, I could use filezilla to transfer some files, from and to my desktop PC - this laptop.
All worked OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0081.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED