Re: ProFTPD still vulnerable (Sarge)

To: debian-security <debian-security@lists.debian.org>
Subject: Re: ProFTPD still vulnerable (Sarge)
From: Jim Popovitch <jimpop@yahoo.com>
Date: Thu, 30 Nov 2006 12:28:10 -0500
Message-id: <[🔎] 1164907690.12020.2.camel@localhost>
In-reply-to: <[🔎] 20061130141010.GA24916@mithrandir>
References: <[🔎] 20061130062853.GM17888@lupe-christoph.de> <[🔎] 20061130141010.GA24916@mithrandir>

On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote:
> This is unfortunately an effect of an issue with the old mod_delay patch.
> It's not an exploiting of the known issue. You have to either disable mod_delay or use 
> 1.2.10-20sarge1 which is available at http://people.debian.org/~frankie/debian/sarge
> That is in use successfully since ages on high-load server like alioth.
> The sarge1 version also manages the 3 recent security issues.

So, should we use 1.2.10-20sarge1 or the just released 1.2.10-15sarge3? 

-Jim P.

Reply to:

References:
- ProFTPD still vulnerable (Sarge)
  - From: lupe@lupe-christoph.de (Lupe Christoph)
- Re: ProFTPD still vulnerable (Sarge)
  - From: "Francesco P. Lovergine" <frankie@debian.org>

Prev by Date: Re: ProFTPD still vulnerable (Sarge)
Next by Date: Re: ProFTPD still vulnerable (Sarge)
Previous by thread: Re: ProFTPD still vulnerable (Sarge)
Index(es):
- Date
- Thread