On Thu, 2010-11-18 at 10:53 +0100, Geoff Galitz wrote: > > Good day, > > Is proftpd 1.3.3c in the pipeline by any chance? A stack overflow > has been discovered in the previous recent versions: > > http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3c > > http://bugs.proftpd.org/show_bug.cgi?id=3521
That's hilarious! I think ProFTPD should finally switch over to vsftpd for their mirrors. Anyone to check the md5 from the SRPM (just in case)? ftp.proftpd.org compromised [01/Dec/2010] The ProFTPD Project team is sorry to announce that the Project's main FTP server, as well as all of the mirror servers, have carried compromised versions of the ProFTPD 1.3.3c source code, from the November 28 2010 to December 2 2010. All users who run versions of ProFTPD which have been downloaded and compiled in this time window are strongly advised to check their systems for security compromises and install unmodified versions of ProFTPD. To verify the integrity of your source files, use the PGP signatures which can be found here as well as on the FTP servers. The source code in CVS was not affected. 1.3.3c released [29/Oct/2010] The ProFTPD Project team has released 1.3.3c to the community. This is an important security release, containing fixes for a Telnet IAC handling vulnerability and a directory traversal vulnerability in the mod_site_misc module. The RELEASE_NOTES and NEWS files contain the full details. -- Sincerely yours, Yury V. Zaytsev _______________________________________________ users mailing list [email protected] http://lists.rpmforge.net/mailman/listinfo/users
