Subject: Re: CVS commit: pkgsrc
To: None <Thilo.Manske@HEH.Uni-Oldenburg.DE>
From: Rene Hexel <rh@idle.trapdoor.vip.at>
List: source-changes
Date: 02/14/1999 09:44:41
In article <385cb0d348%Thilo@riscpc.heh.uni-oldenburg.de>,
	Thilo Manske <Thilo.Manske@HEH.Uni-Oldenburg.DE> writes:

> Does this fix those buffer overflows as described in CERT Advisory
> CA-99.03?
> http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html.

  It does -- or at least it should.  It incorporates the patch
RedHat made to its linux version of wu-ftpd.  However, I just
read a message on bugtraq that some buffer overflow vulnerability
still remains with that fix.

  I just performed a few tests, and yes, it seems like some holes
still remain.  I'll investigate the source code and see whether I
can come up with a fix ...

  Cheers
      ,
   Rene