[MacPorts] #27452: security: ProFTPD 1.3.3c

Thu Nov 25 09:34:34 PST 2010

#27452: security: ProFTPD 1.3.3c
------------------------------+---------------------------------------------
 Reporter:  mas@…             |       Owner:  mas    
     Type:  defect            |      Status:  new    
 Priority:  Normal            |   Milestone:         
Component:  ports             |     Version:  1.9.2  
 Keywords:  security proftpd  |        Port:  proftpd
------------------------------+---------------------------------------------
 On October 29, 2010 (sic!), an important security update (fixing an
 unauthenticated remote security vulnerability while handling telnet IAC
 control characters) was published as ProFTPD 1.3.3c.  MacPorts still
 remains at the vulnerable version 1.3.2c.  I consider this to be broken.

 Attached is a patch to just update to 1.3.3c (not incorporating the other
 patches waiting for ProFTPD).

 As per our rules, I am not directly committing this, as ProFTPD is not
 openmaintainer.  I will, however, commit within two hours if nobody has
 any objections, as this is a security update that should really have been
 done long ago.

-- 
Ticket URL: <https://trac.macports.org/ticket/27452>
MacPorts <http://www.macports.org/>
Ports system for Mac OS