Package: oftpd
Version: 20040304-1
Severity: grave
Justification: renders package unusable


oftpd is exposed to a Denial-of-Service attack, as described in
http://www.time-travellers.org/oftpd/oftpd-dos.html

the solution is to upgrade to 0.3.7

i think this has been fixed in woody (oftpd-0.3.6-6 upload by the
security team), however sarge has a broken version.

(since i just recently switched from woody to sarge, that's why i
came across this)

i really think that this should be fixed in sarge by security-team.

i know that this is basically a duplication of bug#307957, however,
since the maintainer has not reacted, i re-report this bug with a higher
priority (which i really think it deserves)
(and btw, reportbug didn't give me the option to find out whether this
bug has already been reported)

related question: is there another secure anonymous-only ftp-client in
debian/sarge?

mfg.asd.r
IOhanens


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages oftpd depends on:
ii  debconf                       1.4.30.13  Debian configuration management sy
ii  libc6                         2.3.5-13   GNU C Library: Shared libraries an
ii  syslog-ng [system-log-daemon] 1.6.5-2.2  Next generation logging daemon

-- debconf information excluded

