Bug#609703: Mitigation of root exploit

2011-01-11 Thread Sebastian Scheible
A mitigating factor for this issue is that the default user configured for 1.3.1-17lenny4 and most likely other versions is proftpd rather than root. Didn't notice that earlier, sorry about that. Please downgrade the severity if appropriate.

Bug#609703: proftpd-basic: sql_prepare_where() buffer overflow (Bug#3536)

2011-01-11 Thread Sebastian Scheible
Package: proftpd-basic
Version: 1.3.1-17lenny4
Severity: critical
Tags: security
Justification: root security hole

As described in http://www.h-online.com/open/news/item/Phrack-hole-closed-in-ProFTPD-1156782.html upstream version 1.3.3d fixes a remote root exploit in previous versions (proftpd