Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-6563: proftpd < 1.3.1rc1 mod_ctrls buffer overflow https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219938 ville.skytta@xxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Reopened Resolution|CURRENTRELEASE | ------- Additional Comments From ville.skytta@xxxxxx 2007-02-05 14:50 EST ------- No reproducer here and this could use reviewing by someone better versed with C than myself, but reopening based on an observation: The patch which I gather fixes the reported issue in 1.3.1rc1, committed to CVS with log entry "Bug#2867 - Local authorized user buffer overflow in Controls request handling." is not yet applied in the current FE packages: http://proftp.cvs.sourceforge.net/proftp/proftpd/src/ctrls.c?r1=1.14&r2=1.15 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
