On Thu, Mar 28, 2002 at 02:01:12PM +0100, martin f krafft wrote:
>
> that's not true. the config file contains no such regex. the problem
> is in fact fixed.

No, it is in fact not fixed. We are still vulnerable. I have confirmed
this myself with the proftpd packages from security.debian.org.

The proftpd maintainer created an unofficial security fix package which
inserted a rule into proftpd.conf denying the regex that caused the DoS
problem. That unofficial package, or conceivably the package from woody
or sid, is the only safe proftpd package available for Debian.

If you don't believe me, try it...

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html