proftpd

Due to technical problems yesterday’s proftpd update lacked a build for
the amd64 architecture, which is now available. For reference please find
below the original advisory text:

>
> Several remote vulnerabilities have been discovered in the proftpd FTP
> daemon, which may lead to the execution of arbitrary code or denial
> of service. The Common Vulnerabilities and Exposures project identifies
> the following problems:
>
>
> * CVE-2006-5815
> It was discovered that a buffer overflow in the sreplace() function
> may lead to denial of service and possibly the execution of arbitrary
> code.
> * CVE-2006-6170
> It was discovered that a buffer overflow in the mod_tls addon module
> may lead to the execution of arbitrary code.
> * CVE-2006-6171
> It was discovered that insufficient validation of FTP command buffer
> size limits may lead to denial of service. Due to unclear information
> this issue was already fixed in DSA-1218 as CVE-2006-5815.
>
>
>

For the stable distribution (sarge) these problems have been fixed in version
1.2.10-15sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.0-16 of the proftpd-dfsg package.

We recommend that you upgrade your proftpd package.