Proftpd and bug #319849

To: debian-security@lists.debian.org
Subject: Proftpd and bug #319849
From: Vincent Bernat <bernat@luffy.cx>
Date: Thu, 11 Aug 2005 13:36:15 +0200
Message-id: <[🔎] m3u0hwbt8w.fsf@neo.luffy.cx>

Hi !

proftpd in Sarge  is vulnerable to a format  string vulnerability. The
corresponding  bug  is marked  as  fixed  in  1.2.10-20 and  found  in
1.2.10-15  (which is  the Sarge  version). This  means that  the Sarge
version is still vulnerable. However, the bug is closed and not tagged
security.

Should this  bug be reopened and  tagged security ?  What does "found"
mean ? Will a new upload by handled by security team shortly ?
-- 
THE BOYS ROOM IS NOT A WATER PARK
THE BOYS ROOM IS NOT A WATER PARK
THE BOYS ROOM IS NOT A WATER PARK
-+- Bart Simpson on chalkboard in episode 3F03

Reply to:

Follow-Ups:
- Re: Proftpd and bug #319849
  - From: Christophe Chisogne <christophe@publicityweb.com>

Prev by Date: Re: Re: found this in my /var/log/apache/access.log
Next by Date: Re: New amd64 packages fix several bugs
Previous by thread: Re: Re: found this in my /var/log/apache/access.log
Next by thread: Re: Proftpd and bug #319849
Index(es):
- Date
- Thread