From owner-freebsd-security  Thu Sep  9  7:59:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from thoth.mch.sni.de (thoth.mch.sni.de [192.35.17.2])
	by hub.freebsd.org (Postfix) with ESMTP id AFAA5152E9
	for <security@FreeBSD.ORG>; Thu,  9 Sep 1999 07:59:06 -0700 (PDT)
	(envelope-from ust@cert.siemens.de)
X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer thoth.mch.sni.de)
Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.14])
	by thoth.mch.sni.de (8.9.3/8.9.3) with ESMTP id QAA06051;
	Thu, 9 Sep 1999 16:58:36 +0200 (MET DST)
Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17])
	by mail2.siemens.de (8.9.3/8.9.3) with ESMTP id QAA28885;
	Thu, 9 Sep 1999 16:58:35 +0200 (MET DST)
Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134])
	by mars.cert.siemens.de (8.9.3/8.9.3/Siemens CERT [ $Revision: 1.9 ]) with ESMTP id QAA83025;
	Thu, 9 Sep 1999 16:58:35 +0200 (CEST)
Received: (from ust@localhost)
	by alaska.cert.siemens.de (8.9.3/8.9.3/alaska [ $Revision: 1.2 ]) id OAA51824;
	Thu, 9 Sep 1999 14:58:35 GMT
	(envelope-from ust)
Date: Thu, 9 Sep 1999 16:58:34 +0200
From: Udo Schweigert <ust@cert.siemens.de>
To: "Rashid N. Achilov" <shelton@sentry.granch.ru>
Cc: Ruslan Ermilov <ru@ucb.crimea.ua>, Bill Fink <bill@billfink.com>,
	security@FreeBSD.ORG
Subject: Re: FTP Vulnerability
Message-ID: <19990909165834.A51466@alaska.cert.siemens.de>
References: <19990909162255.A15548@relay.ucb.crimea.ua> <Pine.BSF.4.10.9909092051490.59511-100000@sentry.granch.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <Pine.BSF.4.10.9909092051490.59511-100000@sentry.granch.ru>
X-Operating-System: FreeBSD 3.3-RC
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Sep 09, 1999 at 08:54:08PM +0700, Rashid N. Achilov wrote:
> On Thu, 9 Sep 1999, Ruslan Ermilov wrote:
> 
> > > I've visited the mirrors for the WUFTP site(s) looking for the versions
> > > "after August 30" and there's NOTHING newer than MAY.
> > > 
> > The versions we are talking about refer to the FreeBSD ports collection.
> > Port of wu-ftpd (/usr/ports/net/wu-ftpd) has been upgraded to apply the
> > following patch:
> > 
> > ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/mapped.path.overrun.patch
> 
> On this site mapped.overrun... dated August,24.
> In ports tree in patches subdir newest patch dated April,7 :-)
> 

That's OK, because the patch will be downloaded when doing the "make". 

Makefile contains:

PATCH_SITES=    ftp://ftp.wu-ftpd.org/pub/wu-ftpd/quickfixes/apply_to_2.5.0/
PATCHFILES=     \
                data-limit.patch \
                deny.not.nameserved.patch \
                mapped.path.overrun.patch \
                not.in.class.patch \
                rfc931.timeout.patch

Regards
-------------------------------------------------------------------------------
Udo Schweigert              || Voice      : +49 89 636 42170
Siemens AG, Siemens CERT    || Fax        : +49 89 636 48000
ZT IK 3                     || email      : Udo.Schweigert@mchp.siemens.de
D-81730 Muenchen / Germany  ||            : ust@cert.siemens.de
PGP fingerprint             || 2A 53 F6 A6 30 59 64 02  6B C4 E0 73 B2 C9 6C E7
-------------------------------------------------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message