COMMAND

    proftpd

SYSTEMS AFFECTED

    Debian

PROBLEM

    Following  is  based  on  a  DSA-032-1  Advisory.   The  following
    problems have been reported for  the version of proftpd in  Debian
    2.2 (potato):
    1. There  is a  configuration error  in the  postinst script, when
       the user enters 'yes', when asked if anonymous access should be
       enabled.   The  postinst  script  wrongly  leaves  the  'run as
       uid/gid root'  configuration option  in /etc/proftpd.conf,  and
       adds a 'run as uid/gid nobody' option that has no effect.
    2. There  is  a  bug  that  comes  up when /var is a symlink,  and
       proftpd is restarted.  When stopping proftpd, the /var  symlink
       is  removed;  when  it's  started  again  a  file named /var is
       created.

SOLUTION

    Patches:

        http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.dsc
        http://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/proftpd_1.2.0pre10-2.0potato1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/proftpd_1.2.0pre10-2.0potato1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/proftpd_1.2.0pre10-2.0potato1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/proftpd_1.2.0pre10-2.0potato1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/proftpd_1.2.0pre10-2.0potato1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/proftpd_1.2.0pre10-2.0potato1_sparc.deb