On Thu, 2006-12-07 at 10:26 +0100, Francesco P. Lovergine wrote: > On Wed, Dec 06, 2006 at 09:21:34PM -0500, Jim Popovitch wrote: > > On Thu, 2006-11-30 at 12:28 -0500, Jim Popovitch wrote: > > > On Thu, 2006-11-30 at 15:10 +0100, Francesco P. Lovergine wrote: > > > > This is unfortunately an effect of an issue with the old mod_delay patch. > > > > It's not an exploiting of the known issue. You have to either disable mod_delay or use > > > > 1.2.10-20sarge1 which is available at http://people.debian.org/~frankie/debian/sarge > > > > That is in use successfully since ages on high-load server like alioth. > > > > The sarge1 version also manages the 3 recent security issues. > > > > > > So, should we use 1.2.10-20sarge1 or the just released 1.2.10-15sarge3? > > > > My suggestion is using the not-official 1.2.10-20sarge1 iff you are > experiencing segfaults on high-load servers and you wouldn't > to set mod_delay use off for security concerns. Now that official proftpd_1.2.10-15sarge4 has been released, should we continue to use 1.2.10-20sarge1? Thanks, -Jim P.
Attachment:
signature.asc
Description: This is a digitally signed message part