tag 319849 + sarge severity serious thanks On Mon, Jul 25, 2005 at 09:41:24AM +0200, Christian Hammers wrote: > Package: proftpd > Severity: grave > Justification: security > thanks >
That's quite annoying. They are fixed since ages in sid and my own packages for sarge at deb http://people.debian.org/~frankie/debian/sarge/ ./ which I strongly suggest to anyone having DoS problems due to a subtle bug open since release time (and fixed very recently by upstream). Sarge package is simply broken and should not be used (even with the two SQL flaws fixed) with mod_delay on. But mod_delay shouldn't stay off. I pointed both bugs at the very start of july (or end of june?) to both stable and testing secteams and sent at least 3 mails about the topic with patches and analysis for sarge, sid and woody. When secteam will judge it useful, they'll do that. Last time, I did wait months for that, for yardradius package. If you know something useful to accellerate the process, i'd like to know... -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]