Subject: Re: NetBSD Security Advisory 2004-009: ftpd root escalation
To: Paul Goyette <>
From: Jan Schaumann <>
List: tech-security
Date: 08/17/2004 21:02:54
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Paul Goyette <> wrote:
> Hmmm.  I just tried to update from CVS, and I still get the 20040809
> sources.

This is correct.  As the SA states, the NetBSD-ftpd version needs to be
20040809 or higher.  Only for non-NetBSD-base-system tnftpd versions
(for example tnftpd from pkgsrc) do you need a version of 20040810.

I admit glancing through the SA this can seem confusing (happened to me
myself), but if you carefully read it, it should become clear.


"The last time anybody made a list of the top hundred character
attributes of New Yorkers, common sense snuck in at number 79."

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)