[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DoS in debian (potato) proftpd



On Wed, 27 Mar 2002 00:37:59 +0100
martin f krafft <madduck@madduck.net> wrote:

>> [...]
> 
> (please fix your line wraps!)
> 
> security.debian.org has proftpd_1.2.0pre10-2.0potato1 which does not
> contain this bug, at least not on i386 systems:
> 
> fishbowl:~> ncftp lapse.home.madduck.net
> NcFTP 3.1.2 (Jan 28, 2002) by Mike Gleason (ncftp@ncftp.com).
> Connecting to 192.168.14.3
> ProFTPD 1.2.0pre10 Server (Debian) [lapse.home.madduck.net]
> Logging in...
> 
> [...]

Adding...

proftpd (1.2.0pre10-2.0potato1) stable; urgency=high

  * Non-Maintainer upload.
  * Applied patch against string format buffer attack.
  * Removed extra User/Group pair from basic.conf, server now runs as
    user/group nobody by default.
  * Added build dependencies on zlib1g-dev, debhelper and libpam-dev.
  * In contrib/libcap/libcap.h: moved the capability.h include to just
    below sys/types.h to fix horrible build errors.

 -- Ivo Timmermans <ivo@debian.org>  Sat, 24 Feb 2001 12:42:53 +0100

See:
"Applied patch against string format buffer attack."

done,
-- 
                      _                                                   
 _     __|_ _.   _  _|_.__.._  _ _ 
(_||_|_> |_(_|\/(_)  | |(_|| |(_(_)                stratus@ax.net.br
 _|nupg id: 0x37155778                              gustavo@dsgx.org

   Alternex S/A - www.alternex.com.br --  Rio de Janeiro/Brazil

 gnupg id: 0x37155778 (fetch from keyserver: wwwkeys.eu.pgp.net)
Key fingerprint = 1908 52B9 4A16 6EC2 74D1  C03B EDFB 7005 3715 5778

Attachment: pgpue_Yl7BNrG.pgp
Description: PGP signature


Reply to: