From owner-freebsd-security@FreeBSD.ORG Wed Sep 24 00:28:46 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57EF216A4B3 for ; Wed, 24 Sep 2003 00:28:46 -0700 (PDT) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 182F843FBF for ; Wed, 24 Sep 2003 00:28:44 -0700 (PDT) (envelope-from roam@ringlet.net) Received: (qmail 13832 invoked from network); 24 Sep 2003 07:20:25 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 24 Sep 2003 07:20:24 -0000 Received: (qmail 46383 invoked by uid 1000); 24 Sep 2003 07:28:40 -0000 Date: Wed, 24 Sep 2003 10:28:40 +0300 From: Peter Pentchev To: Haesu Message-ID: <20030924072840.GD396@straylight.oblivion.bg> Mail-Followup-To: Haesu , freebsd-security@freebsd.org References: <20030924001358.GB901@users.munk.nu> <20030924062014.GA36641@scylla.towardex.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/Uq4LBwYP4y1W6pO" Content-Disposition: inline In-Reply-To: <20030924062014.GA36641@scylla.towardex.com> User-Agent: Mutt/1.5.4i cc: freebsd-security@freebsd.org Subject: Re: [da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Sep 2003 07:28:46 -0000 --/Uq4LBwYP4y1W6pO Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 24, 2003 at 02:20:14AM -0400, Haesu wrote: > I just want to clarify... >=20 > # $FreeBSD: ports/ftp/proftpd/Makefile,v 1.56 2003/09/23 18:42:43 mharo E= xp $ > # >=20 > PORTNAME=3D proftpd > PORTVERSION=3D 1.2.8 > PORTREVISION=3D 1 >=20 > Is that the updated port that fixes vulnerability? It's 1.2.8 still, but = I think > this is the patched version, since rcsID shows 9/23 which is yesterday. Yes, this is the fixed version. Although the port version is still at 1.2.8, the port revision was bumped to 1 yesterday (it was not defined previously, which would be equivalent to a revision of 0), so that the FreeBSD port version is now actually 1.2.8_1. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 You have, of course, just begun reading the sentence that you have just fin= ished reading. --/Uq4LBwYP4y1W6pO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD4DBQE/cUeo7Ri2jRYZRVMRAkptAKCcVyIVcxUEYABPdqWEJkOnGXdCSACY3E3H cB/A1tVgty+KeQhNjKew8Q== =hHq5 -----END PGP SIGNATURE----- --/Uq4LBwYP4y1W6pO--