Thank god I didn't upgrade to edgy on my server yet... ;o)

/Jacob

Frodon wrote:
> Public bug reported:
>
> Binary package hint: proftpd
>
> The proftpd package provided in edgy (v. 1.3.0) isn't compiled with the 
> mod_tls.c module enabled.
> This could be a big issue for those who run edgy eft and need TLS encryption 
> for their ftp server because without this encryption passwords and usernames 
> are transmited in plain text.
> Since this module was enabled in dapper some users may not have noticed that 
> this module is no more enabled and thus make their FTP server vulnerable.
>
> Here is the list of the modules enabled in the edgy package :
> mod_core.c
> mod_xfer.c
> mod_auth_unix.c
> mod_auth_file.c
> mod_auth.c
> mod_ls.c
> mod_log.c
> mod_site.c
> mod_delay.c
> mod_dso.c
> mod_auth_pam.c
> mod_readme.c
> mod_cap.c
> mod_ctrls.c
>
> It may be a good idea to make this module enabled in the package
> provided by the official edgy repository because for a professional
> server install it doesn't make sense to run a FTP server without
> encryption.
>
> ** Affects: proftpd (Ubuntu)
>      Importance: Undecided
>          Status: Unconfirmed
>
>

-- 
Module mod-tls.c is missing in the proftpd edgy package
https://launchpad.net/bugs/68735

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to