Thanks Curtis, I know the maintainer has put together a fixed version for Potato/stable, I am wondering if he has had time to do the testing yet, or if we rollback to the testing one or what. I'm just hoping that rollback won't be a dependency nightmare... the stable version is wu-ftpd_2.6.0-6 available from: ftp.debian.org but NOT (as of about 6:00pm my local time) ftp.us.debian.org.
Anyway thanks for the info. here are some other info sources i've found: http://www.securityfocus.com/archive/1/242750 http://www.wu-ftpd.org (they only put up something around 3:00 pm local-chicago time) Later, David. "Howland, Curtis" wrote: > > The article I read about it on the Register... > > http://www.theregister.co.uk/content/4/23082.html > > "The hole affects thousands of users of virtually > every Linux release. > Because of the wide implications, Core, working with > CERT, and, at > one point, SecurityFocus' "Vulnerability Help" team, > arranged a > coordinated release with Caldera, SuSE, TurboLinux, > Debian, Red > Hat, and other Linux vendors, so that patches would > be available for > every distribution simultaneously. December 3rd was > picked for the > release. > > That plan went out the window Tuesday, when Red Hat > unilaterally > issued its own advisory." > > So I will assume that Debian has a fix that is being tested, if not in > "testing". I'm very surprised it hasn't been released or mentioned yet > myself. > > Curt- > > -----Original Message----- > From: David Ehle [mailto:[EMAIL PROTECTED]] > Sent: Friday, November 30, 2001 14:20 > To: [EMAIL PROTECTED] > Cc: Debian-Security (E-mail) > Subject: Secure wu-ftpd for Testing? > > Hello all, > > Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker. > Testing is using 2.6.1-5, is that also compromised? I have been > watching it all day but haven't seen any updates. > > If it is not secure has a patched version been made available anywhere? > I can't seem to find any mention at http://www.debian.org/security/ > > Thanks! > David. > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
