wu-ftpd - remote root exploit

iSEC Security Research reports that wu-ftpd contains an off-by-one bug
in the fb_realpath function which could be exploited by a logged-in user
(local or anonymous) to gain root privileges. A demonstration exploit is
reportedly available.

For the current stable distribution (woody) this problem has been fixed
in version 2.6.2-3woody1.

For the unstable distribution (sid) an update will be available shortly.

We recommend you upgrade your wu-ftpd package immediately.