Since I am the "culprit" that reported the second bug (CVE-2009-0542), I can confirm it affects debian's proftpd packages in testing/unstable repositories. That's because I discovered it on my debian system.
My proftpd version is 1.3.1-16. According to the ProFTPD team, the bug is fixed in 1.3.2 rc3 (1.3.2 is not vulnerable, 1.3.2 rc1 and rc2 are vulnerable), so upgrading to 1.3.2 should fix the issue. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
