Re: Secure wu-ftpd for Testing?
Thanks Curtis,
I know the maintainer has put together a fixed version for
Potato/stable, I am wondering if he has had time to do the testing yet,
or if we rollback to the testing one or what. I'm just hoping that
rollback won't be a dependency nightmare... the stable version is
wu-ftpd_2.6.0-6 available from:
ftp.debian.org but NOT (as of about 6:00pm my local time)
ftp.us.debian.org.
Anyway thanks for the info.
here are some other info sources i've found:
http://www.securityfocus.com/archive/1/242750
http://www.wu-ftpd.org (they only put up something around 3:00 pm
local-chicago time)
Later,
David.
"Howland, Curtis" wrote:
>
> The article I read about it on the Register...
>
> http://www.theregister.co.uk/content/4/23082.html
>
> "The hole affects thousands of users of virtually
> every Linux release.
> Because of the wide implications, Core, working with
> CERT, and, at
> one point, SecurityFocus' "Vulnerability Help" team,
> arranged a
> coordinated release with Caldera, SuSE, TurboLinux,
> Debian, Red
> Hat, and other Linux vendors, so that patches would
> be available for
> every distribution simultaneously. December 3rd was
> picked for the
> release.
>
> That plan went out the window Tuesday, when Red Hat
> unilaterally
> issued its own advisory."
>
> So I will assume that Debian has a fix that is being tested, if not in
> "testing". I'm very surprised it hasn't been released or mentioned yet
> myself.
>
> Curt-
>
> -----Original Message-----
> From: David Ehle [mailto:ehle@iit.edu]
> Sent: Friday, November 30, 2001 14:20
> To: debian-security@lists.debian.org
> Cc: Debian-Security (E-mail)
> Subject: Secure wu-ftpd for Testing?
>
> Hello all,
>
> Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker.
> Testing is using 2.6.1-5, is that also compromised? I have been
> watching it all day but haven't seen any updates.
>
> If it is not secure has a patched version been made available anywhere?
> I can't seem to find any mention at http://www.debian.org/security/
>
> Thanks!
> David.
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
Reply to: