From owner-freebsd-security Sat Mar 20 0:31:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from smtp2.andrew.cmu.edu (SMTP2.ANDREW.CMU.EDU [128.2.10.82]) by hub.freebsd.org (Postfix) with ESMTP id 3BD3114F86 for ; Sat, 20 Mar 1999 00:31:41 -0800 (PST) (envelope-from Harry_M_Leitzell@cmu.edu) Received: from unix6.andrew.cmu.edu (UNIX6.ANDREW.CMU.EDU [128.2.15.10]) by smtp2.andrew.cmu.edu (8.8.5/8.8.2) with SMTP id DAA00492; Sat, 20 Mar 1999 03:31:15 -0500 (EST) Date: Sat, 20 Mar 1999 03:31:15 -0500 (EST) From: "Harry M. Leitzell" X-Sender: Harry_M_Leitzell@unix6.andrew.cmu.edu To: Ollivier Robert Cc: freebsd-security@FreeBSD.ORG Subject: Re: 3.1-RELEASE In-Reply-To: <19990319231053.A13596@keltia.freenix.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ah, I was not aware and should have investigated further into it. Sorry about jumping the gun there folks. On Fri, 19 Mar 1999, Ollivier Robert wrote: > According to Harry M. Leitzell: > > to install an ftp daemon, I ended up using the ports to install proftpd. > > The only problem with this is that the ports collection installed pre1 > > which has a known buffer overflow in it. Maybe I am wrong in assuming > > Look in the directory patches in /usr/ports/net/proftpd. You'll notice that > a patch was added to close this hole. > > ---------------------------- > revision 1.7 > date: 1999/02/12 21:55:04; author: obrien; state: Exp; lines: +5 -1 > add buffer overflow vulnerability reduction patch > > Submitted by: Michael > ---------------------------- > > So the package you have is immune. I sent a diff to upgrade the port to > pre2 but the package maintainer has an invalid address... > -- > Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr > FreeBSD keltia.freenix.fr 4.0-CURRENT #70: Sat Feb 27 09:43:08 CET 1999 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] Harry M. Leitzell - Harry_M_Leitzell@cmu.edu Carnegie Mellon University Finger for PGP Public Key [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message