current-users: Re: NetBSD Security Advisory 2004-009: ftpd root escalation

Subject: Re: NetBSD Security Advisory 2004-009: ftpd root escalation
To: Paul Goyette <paul@whooppee.com>
From: Jan Schaumann <jschauma@netmeister.org>
List: current-users
Date: 08/17/2004 21:02:54

--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Paul Goyette <paul@whooppee.com> wrote:
> Hmmm.  I just tried to update from CVS, and I still get the 20040809
> sources.

This is correct.  As the SA states, the NetBSD-ftpd version needs to be
20040809 or higher.  Only for non-NetBSD-base-system tnftpd versions
(for example tnftpd from pkgsrc) do you need a version of 20040810.

I admit glancing through the SA this can seem confusing (happened to me
myself), but if you carefully read it, it should become clear.

-Jan

--=20
"The last time anybody made a list of the top hundred character
attributes of New Yorkers, common sense snuck in at number 79."

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFBIqq+fFtkr68iakwRAjszAKDN3wekf/sMpQ+fBWTVgxQEEEkuDACdEzHR
wqW/uJK6cz4aORHxDKL7XRA=
=WZd1
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--