Dear Maintainer, Yes, the bug in the patch was mine: meant to check the return status of setgid(getegid()) but somehow managed to mis-type that into setgid(geteuid()). Stupid mistake. Shame on me.
Now, linux-ftpd_0.17-20sarge2.diff.gz was dated September 2006 as per your latest "closure" message http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454;msg=44 (or maybe 20 Nov 2006 as per http://www.debian.org/security/2006/dsa-1217 or 13 Nov 2006 as the date on current http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz ) and contains the "wrong" patch. So this seems fixed in etch 0.17-23 since 25 Nov 2006, but not yet in sarge (==stable) 0.17-20sarge2. Please fix for sarge also. Thanks, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
