proftpd: the final issue
TJ aka castaglia, finally fixed the bug in
http://bugs.proftpd.org/show_bug.cgi?id=2622
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308313
Currently (1.2.10-13) the only workaround for that is disabling
the mod_delay module. This of course potentially impacts prevention of
the timing attack that module solves.
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
I'm inclined to consider
that bug a RC (security) one, so if you RMs would allow the incoming
fixed -14 release entering sarge before release, that would be
great and allow me (poor maintainer) to sleep as a child in the
next years...
--
Francesco P. Lovergine
Reply to: