Comment 5 for bug 11565

Message-ID: <email address hidden>
Date: Thu, 30 Dec 2004 15:16:26 +0100
From: Adeodato =?iso-8859-1?Q?Sim=F3?= <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Re: CAN-2004-1165: FTP command injection bug

tag 285128 sarge sid
stop here

* Joey Hess [Fri, 10 Dec 2004 14:51:51 -0500]:

> The advisory says that it affects version >= 3.3.1, so perhaps our
> 3.2.3-1/2.3.3-1 in t-p-u/testing are not vulnerable. I've not checked.

  just for the record: yes, 3.2 is vulnerable. upstream released patches
  for both the 3.3.x and 3.2.x series.

--
Adeodato Sim� EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621

Old men are fond of giving good advice to console themselves for their
inability to set a bad example.
                -- La Rochefoucauld, "Maxims"