[MBT] new entry in pkg ftp "Possible directory traversal thru ftp"
bugs at pld-linux.org
bugs at pld-linux.org
Fri Aug 29 10:47:49 CEST 2003
Date: 2003-08-29 10:47:49+02 Author: Jakub Bogusz (qboosh) <qboosh at pld-linux.org>
Title: Possible directory traversal thru ftp
Ticket ID: #658
Ticket URL: http://bugs.pld-linux.org/?bug=658
Package: ftp-1:0.17-13
Distribution: PLD-1.0.main
Category: security problem
Current state: closed -- resolved
Text:
"ftp" package is netkit-ftp, which doesn't seem to be vulnerable
(it contains some checks for ".." and similar evil things;
also it's not mentioned as vulnerable and I haven't find any
fixes related to this vulnerability).
But ncftp package was vulnerable - package has been updated
to 3.1.6 - currently is available to ra/ready, will be moved
to ra/updates/security soon.
*** State changed to 'closed -- resolved'
More information about the pld-bugs
mailing list