diff -u linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
--- linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
+++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
@@ -1729,7 +1729,7 @@
 static FILE * dataconn(const char *name, off_t size, const char *mode, int stou)
 {
 	char sizebuf[32];
-	FILE *file;
+	FILE *file = NULL;
 	int retry = 0, tos;
 
 	file_size = size;
@@ -1822,7 +1822,10 @@
 				    ERR_error_string(ERR_get_error(),NULL));
 			perror_reply(425, errbuf);
 			/* abort time methinks ... */
-			fclose(file);
+			if(file != NULL){
+				fclose(file);
+				file = NULL;
+			}
 			return NULL;
 		    } else {
 			if (ssl_debug_flag) {
diff -u linux-ftpd-ssl-0.17.18+0.3/debian/changelog linux-ftpd-ssl-0.17.18+0.3/debian/changelog
--- linux-ftpd-ssl-0.17.18+0.3/debian/changelog
+++ linux-ftpd-ssl-0.17.18+0.3/debian/changelog
@@ -1,3 +1,14 @@
+linux-ftpd-ssl (0.17.18+0.3-9ubuntu1.1) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: remote denial of service caused by passing an
+    uninitialized file stream to fopen().
+  * Initialise file with NULL and check for NULL before calling fclose(). 
+  * References
+    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454733
+    CVE-2007-6263
+
+ -- Pedro Fragoso <emberez@gmail.com>  Fri, 14 Dec 2007 02:55:32 +0000
+
 linux-ftpd-ssl (0.17.18+0.3-9ubuntu1) gutsy; urgency=low
 
   * Merge from Debian unstable. Remaining Ubuntu changes: