Hi Mario, On Tue, May 19, 2015 at 08:33:08AM +0200, Mario Lipinski wrote: > Dear proftpd maintainers, > > following a recent press release [1], exploits [2] for this bug [3] exist > and the bug seems to be unfixed in the currently supported oldstable and > stable releases [4]. What about considering a security release or updating > the security-tracker information? > > [1] > http://www.heise.de/newsticker/meldung/Angreifer-nutzen-kritische-Luecke-in-ProFTPD-aus-2652114.html > (German) > [2] https://github.com/nootropics/propane > [3] http://bugs.proftpd.org/show_bug.cgi?id=4169 > [4] https://security-tracker.debian.org/tracker/CVE-2015-3306
The information on the security tracker is indeed right. An update for proftpd-dfsg for wheezy-security and jessie-security is in the works and should be out hopefully soon. HTH and Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org