Jeroen van Wolffelaar wrote:
> tags 318286 sarge
> thanks
>
> On Thu, Jul 14, 2005 at 05:36:34PM +0300, Joey Hess wrote:
> > oftpd is vulnerable to anothere security hole. This time a crafted "FTP
> > USER" command can cause a crash. Since a buffer overflow is involved,
> > it's possible that this can be used to execute arbitrary code.
> >
> > Details here: http://securitytracker.com/alerts/2005/Jul/1014413.html
>
> I just removed it from unstable at the maintainer's request, as the same
> version is in sarge, it probably should be dropped from sarge too in a
> point release.
Removing a vulnerable package (because it is vulnerable) is a very bad idea.
Regards,
Joey
--
Life is too short to run proprietary software. -- Bdale Garbee
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
