On Wed, Nov 28, 2001 at 09:57:29PM -0800, Brian Lavender wrote: > A friend of mine emailed me this glob.c patch for the recent wu-ftpd > exploit. I don't understand how the exploit works, but I am sure someone > will tell me if this patch gaurds against it. The only other patch out > there seems to be the Dead Rat src rpm, so I'll post what I found. I also > used the patch build Debian packages, so if you are running Debian, you > can use my Debian packages. Use them at your own risk though.
A fix is in incoming (http://incoming.debian.org/) for both stable and unstable. Take the appropriate one. As usual when downloading from incoming, though, it's at your own risk, and you should verify that the GPG signature on the .changes file was made by a key on the Debian keyring. -- Colin Watson [EMAIL PROTECTED]
