On Wed, 20 Nov 2002, Steve Kargl wrote: > NetBSD.org has a security advisory about potential problems with their > ftpd. If this is part of lukemftp, then the issue of removing/updating > lukemftp needs to be addressed for FreeBSD 5.0 RELEASE. > > ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc
Lukemftpd's build and install has been unplugged from the 5.0-CURRENT and 4.x-STABLE branches, so other than the fact that we ship the source, it's somewhat addressed. Mail has been sent to the security-officer, so hopefully we'll know soon whether the lukemftpd shipped with 4.7 was vulnerable. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Network Associates Laboratories To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
