On Thu, Dec 14, 2006 at 10:06:36AM +0100, Francesco P. Lovergine wrote: > On Thu, Dec 14, 2006 at 09:00:18AM +0100, Moritz Muehlenhoff wrote: > > Hi, > > http://www.coresecurity.com/?module=ContentMod&action=item&id=1594 > > It appears as if proftpd in stable is not affected, as the default > > seems to be to build w/o ctrls support and I haven't found a > > configure flag to enable it. Can you confirm? > > > > Cheers, > > Moritz > > mod_cntrl is available in 1.3.0+ and the module is indeed loaded statically, > I'm looking better into the issue. So sarge is NOT affected, at least. >
Just one more patch:
proftpd-dfsg (1.3.0-17) unstable; urgency=high
* SECURITY: ProFTPD Controls Buffer Overflow, locally exploitable. This is
fixed in 1.3.1.
New patch CORE-2006-1127 added.
See http://www.coresecurity.com/?module=ContentMod&action=item&id=1594
and http://bugs.proftpd.org/show_bug.cgi?id=2867 for reference.
and thanks for all the fish :)
--
Francesco P. Lovergine
signature.asc
Description: Digital signature
