[da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)]

Peter Pentchev roam at ringlet.net
Wed Sep 24 00:28:46 PDT 2003

On Wed, Sep 24, 2003 at 02:20:14AM -0400, Haesu wrote:
> I just want to clarify...
> # $FreeBSD: ports/ftp/proftpd/Makefile,v 1.56 2003/09/23 18:42:43 mharo Exp $
> #
> PORTNAME=       proftpd
> PORTVERSION=    1.2.8
> Is that the updated port that fixes vulnerability? It's 1.2.8 still, but I think
> this is the patched version, since rcsID shows 9/23 which is yesterday.

Yes, this is the fixed version.  Although the port version is still at
1.2.8, the port revision was bumped to 1 yesterday (it was not defined
previously, which would be equivalent to a revision of 0), so that the
FreeBSD port version is now actually 1.2.8_1.


Peter Pentchev	roam at ringlet.net    roam at sbnd.net    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
You have, of course, just begun reading the sentence that you have just finished reading.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030924/28f6867e/attachment.bin

More information about the freebsd-security mailing list