Proftpd 1.2.0rc3 was released yesterday.
Below is today's post on Bugtraq about it. I'm wondering if we are going to
see an RPM from Cobalt on this any time soon?
M
--------
Three issues with the ProFTPD FTP server have been reported to BUGTRAQ in
the past month. These issues have been addressed by the ProFTPD core team.
The following vulnerabilities are addressed in this advisory:
1. "SIZE memory leak"
http://www.securityfocus.com/archive/1/151991
Reported by Wojciech Purczynski <[EMAIL PROTECTED]>
2. "USER memory leak"
http://www.securityfocus.com/archive/1/155349
Reported by Wojciech Purczynski <[EMAIL PROTECTED]>
3. "Minor format string vulnerabilities"
http://www.securityfocus.com/archive/1/155428
Reported by Przemyslaw Frasunek <[EMAIL PROTECTED]>
All three are thought to exist in all previous 1.2.0 test releases,
(1.2.0pre[1-10], 1.2.0rc[1-2]). All three now have been fixed, and patches
have been committed to the ProFTPD CVS repository. A new release, 1.2.0rc3,
containing these fixes has been made available as of 5 February and is
available from:
http://www.proftpd.org/download.html
ftp://ftp.proftpd.org/distrib/proftpd-1.2.0rc3.tar.gz
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
