Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533 matthias@xxxxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From matthias@xxxxxxxxxxxx 2007-06-15 11:41 EST ------- Still no backport of the patch to the stable 1.3.0a release. It's pretty annoying, since the patch against the latest RC doesn't apply cleanly because of variable name changes. I tried to backport it, but the risk in _me_ doing so is just too high. I really don't understand how/why projects decide to not provide security patches for what they consider to be the current stable release... I'm going to push new proftpd packages anyway, to fix bug #244168 but not this bug, unfortunately :-( -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
