Two vulnerabilities were discovered in wu-ftpd:
Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the root directory.
A buffer overflow existed in wu-ftpd's code which deals with S/key authentication.
For the stable distribution (woody) these problems have been fixed in version 2.6.2-3woody4.
For the unstable distribution (sid) these problems have been fixed in version 2.6.2-17.1.
We recommend that you update your wu-ftpd package.