notfound 496686 1.3.1-1 thanks On Tue, Aug 26, 2008 at 08:27:03PM +0200, Thomas Creutz wrote: > Package: proftpd > Version: 1.3.0-19etch1 > Severity: normal > > ProFTP TLS/SSL Module does not handle the RFC 4346 correct! > > So the connection can be vulnerable to spoofed FIN packets. > > See the follow addresses > http://forum.filezilla-project.org/viewtopic.php?f=2&t=7688 > > the bug report and a fix is avalible on > http://bugs.proftpd.org/show_bug.cgi?id=2753 > > hope that this can fixed in the stable release! >
Well, the security concerning are about clients (e.g. filezilla), which anyway should manage the issue in any case, AFAIK because people could not expect all servers are compliant. This is fixed in 1.3.1. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]