Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-2165: proftpd auth bypass vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533
matthias(a)rpmforge.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From matthias(a)rpmforge.net 2007-06-15 11:41 EST -------
Still no backport of the patch to the stable 1.3.0a release. It's pretty
annoying, since the patch against the latest RC doesn't apply cleanly because of
variable name changes. I tried to backport it, but the risk in _me_ doing so is
just too high.
I really don't understand how/why projects decide to not provide security
patches for what they consider to be the current stable release... I'm going to
push new proftpd packages anyway, to fix bug #244168 but not this bug,
unfortunately :-(
--
Configure bugmail:
https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.