On Thu, Oct 28, 1999 at 01:30:19PM -0400, Paul McHale wrote: > There is one question. They announce openBSD ships with a secure > version of ProFTP. The version appears to be older than the bug > version(s). Is there something inherently different about BSD that it > was not affected by the bug ? Where is this announcement, on the OpenBSD website? I don't know what the story is with ProFTPD in OpenBSD in regard to security, but recently on the OpenBSD mailing list, Theo de Raadt (leader of the project), stated that ProFTPD won't be secure without a complete rewrite... I'm not sure if the version in the OpenBSD distribution has been audited by the team or not, though. -- [ Matthew Gregan ] [ GPG ID: B63A1E95 ] [ kinetik@ihug.co.nz ] [ GPG fingerprint: FB83 2911 F170 B31C 9E4A E382 CA8A A2F6 B63A 1E95 ]
Attachment:
pgpkNig7mGCtq.pgp
Description: PGP signature