Message-ID: <email address hidden> Date: Thu, 30 Dec 2004 15:16:26 +0100 From: Adeodato =?iso-8859-1?Q?Sim=F3?= <email address hidden> To: <email address hidden> Cc: <email address hidden> Subject: Re: CAN-2004-1165: FTP command injection bug
tag 285128 sarge sid stop here
* Joey Hess [Fri, 10 Dec 2004 14:51:51 -0500]:
> The advisory says that it affects version >= 3.3.1, so perhaps our > 3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.
just for the record: yes, 3.2 is vulnerable. upstream released patches for both the 3.3.x and 3.2.x series.
-- Adeodato Sim� EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Old men are fond of giving good advice to console themselves for their inability to set a bad example. -- La Rochefoucauld, "Maxims"
Message-ID: <email address hidden> 1?Q?Sim= F3?= <email address hidden>
Date: Thu, 30 Dec 2004 15:16:26 +0100
From: Adeodato =?iso-8859-
To: <email address hidden>
Cc: <email address hidden>
Subject: Re: CAN-2004-1165: FTP command injection bug
tag 285128 sarge sid
stop here
* Joey Hess [Fri, 10 Dec 2004 14:51:51 -0500]:
> The advisory says that it affects version >= 3.3.1, so perhaps our
> 3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.
just for the record: yes, 3.2 is vulnerable. upstream released patches
for both the 3.3.x and 3.2.x series.
--
Adeodato Sim� EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Old men are fond of giving good advice to console themselves for their
inability to set a bad example.
-- La Rochefoucauld, "Maxims"