On Fri, Nov 11, 2011 at 07:56:02PM +0100, Florian Weimer wrote:
> * Francesco P. Lovergine:
>
> >> A use-after-free issue has been discovered in ProFTPd:
> >>
> >> <http://bugs.proftpd.org/show_bug.cgi?id=3711>
> >>
> >> It seems that squeeze is vulnerable, too. I haven't checked the code
> >> in lenny yet.
>
> > I have 1.3.3a-6squeeze3 ready for squeeze with the required fix.
> > Waiting for a secteam go signal, just in case.
>
> Thanks. I trust that the call is at the right place, I find the code
> somewhat confusing.
>
> Please upload with the usual caveats (1.3.3a-6squeeze2 as version
> number, squeeze-security suite, host security-master).

About lenny, it appears the 1.3.1 version did not yet have the feature of dispatching control commands while data transfers are going on. So the whole pool mechanism is not operational and the issue does not apply at all.

-- 
Francesco P. Lovergine