Re: Admnistrativa and security

To: Grzegorz Stelmaszek <greg@tenet.pl>
Cc: debian-devel@lists.debian.org, postmaster@www.debian.org, security@debian.org
Subject: Re: Admnistrativa and security
From: Josip Rodin <jrodin@public.srce.hr>
Date: Sat, 6 Nov 1999 19:00:56 +0100
Message-id: <19991106190055.A25281@jagor.srce.hr>
In-reply-to: <Pine.LNX.4.10.9911061828360.27370-100000@main.tenet.pl>; from Grzegorz Stelmaszek on Sat, Nov 06, 1999 at 06:33:42PM +0100
References: <Pine.LNX.4.10.9911061828360.27370-100000@main.tenet.pl>

On Sat, Nov 06, 1999 at 06:33:42PM +0100, Grzegorz Stelmaszek wrote:
> Maybe you had forgotten but there still is remote bug in proftpd versions
> prior to version pre6 (aik exploit has not been *published*). As you could
> note, www.debian.org uses vulnurable version of proftpd.

Please, admins, also upgrade wu-ftpd to 2.6.0, because of similar security
problems, that could sometimes lead to . You don't even have to recompile it,
the package in potato is compiled on slink.

> Also many of your primary web and ftp mirrors do. It's very (imho)
> dengerous and should be fixed asap.

Debian project can't force the mirrors to do anything, although a friendly
reminders could help fix this...

> I'd also like to inform you that, Debian's distribution STILL contains
> vulnurable porftpd distribution ... (that many useres use).

This is not the case with wu-ftpd :)

-- 
enJoy -*/\*- don't even try to pronounce my first name

Reply to:

References:
- Admnistrativa and security
  - From: Grzegorz Stelmaszek <greg@tenet.pl>

Prev by Date: Administrativa ...
Next by Date: Re: Debian archive requirements
Previous by thread: Admnistrativa and security
Next by thread: Administrativa ...
Index(es):
- Date
- Thread