Date: Wed, 15 Dec 2004 08:23:09 +0100 From: Alex Dupre <ale@FreeBSD.org> To: "D. J. Bernstein" <djb@cr.yp.to> Cc: ports@FreeBSD.org Subject: Re: nuke cftp Message-ID: <41BFE65D.6080802@FreeBSD.org> In-Reply-To: <20041215001202.4391.qmail@cr.yp.to> References: <20041215001202.4391.qmail@cr.yp.to>
next in thread | previous in thread | raw e-mail | index | archive | help
D. J. Bernstein wrote: > You're shipping cftp 0.12, which has been known for more than a year to > be remotely exploitable. I think the vulnerability you are talking about has been fixed 17 months ago, increasing the incriminated buffer size. BTW, what does it mean "several new packages will be made available Real Soon Now"? When?! :-) -- Alex Dupre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41BFE65D.6080802>