Re: Secure wu-ftpd for Testing?

To: "Howland, Curtis" <howlandc@kvh.co.jp>
Cc: "Debian-Security \(E-mail\)" <debian-security@lists.debian.org>
Subject: Re: Secure wu-ftpd for Testing?
From: David Ehle <ehle@iit.edu>
Date: Fri, 30 Nov 2001 00:42:44 -0500
Message-id: <[🔎] 3C071C54.CA533DF1@iit.edu>
References: <[🔎] FBBD2DD3FF1ECA42817E762126D2FB0E05B990@jpkvhms2.tel.kvh.co.jp>

Thanks Curtis,

   I know the maintainer has put together a fixed version for
Potato/stable, I am wondering if he has had time to do the testing yet,
or if we rollback to the testing one or what. I'm just hoping that
rollback won't be a dependency  nightmare... the stable version is
wu-ftpd_2.6.0-6 available from:
ftp.debian.org but NOT (as of about 6:00pm my local time)
ftp.us.debian.org.

Anyway thanks for the info.

here are some other info sources i've found:
http://www.securityfocus.com/archive/1/242750
http://www.wu-ftpd.org  (they only put up something around 3:00 pm
local-chicago time)

Later,
  David.


"Howland, Curtis" wrote:
> 
> The article I read about it on the Register...
> 
> http://www.theregister.co.uk/content/4/23082.html
> 
>                     "The hole affects thousands of users of virtually
> every Linux release.
>                     Because of the wide implications, Core, working with
> CERT, and, at
>                     one point, SecurityFocus' "Vulnerability Help" team,
> arranged a
>                     coordinated release with Caldera, SuSE, TurboLinux,
> Debian, Red
>                     Hat, and other Linux vendors, so that patches would
> be available for
>                     every distribution simultaneously. December 3rd was
> picked for the
>                     release.
> 
>                     That plan went out the window Tuesday, when Red Hat
> unilaterally
>                     issued its own advisory."
> 
> So I will assume that Debian has a fix that is being tested, if not in
> "testing". I'm very surprised it hasn't been released or mentioned yet
> myself.
> 
> Curt-
> 
> -----Original Message-----
> From: David Ehle [mailto:ehle@iit.edu]
> Sent: Friday, November 30, 2001 14:20
> To: debian-security@lists.debian.org
> Cc: Debian-Security (E-mail)
> Subject: Secure wu-ftpd for Testing?
> 
> Hello all,
> 
> Is the wu-ftpd in testing secure? It seems to be 2.6.1 a stinker.
> Testing is using 2.6.1-5, is that also compromised?  I have been
> watching it all day but haven't seen any updates.
> 
> If it is not secure has a patched version been made available anywhere?
> I can't seem to find any mention at http://www.debian.org/security/
> 
> Thanks!
> David.
> 
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org

Reply to:

References:
- RE: Secure wu-ftpd for Testing?
  - From: "Howland, Curtis" <howlandc@kvh.co.jp>

Prev by Date: RE: Secure wu-ftpd for Testing?
Next by Date: Re: Secure wu-ftpd for Testing?
Previous by thread: RE: Secure wu-ftpd for Testing?
Next by thread: RE: whats up?
Index(es):
- Date
- Thread