vsFTPD 2.3.4?

Hi all,

Anyone out there still using vsFTPD 2.3.4?  If yes, please upgrade it as soon as possible.

Otherwise, you will be seized with remorse.

Samiux

The version in Centos 6 update repo is still 2.2.2....

TOP

唔好只睇 version number.
RHEL, SuSE 因為要整個 release 都做到 compatible,主 version 唔會變,但 patch 會照落,所以樓主提到嘅 bug, 如果有 fix, 佢地會 port 返入 2.2.2 個版本度(例如 2.2.2-XXX 咁).

The version in Centos 6 update repo is still 2.2.2....
waichun 發表於 2012-6-28 10:39

TOP

唔好只睇 version number.
RHEL, SuSE 因為要整個 release 都做到 compatible,主 version 唔會變,但 patc ...
lazyfai 發表於 2012-6-28 10:50


想問下點樣port? 由其舊野唔係佢地寫
我用緊3.0.0-2... 當code base 轉左2-3成...佢地又唔係vsftpd author, 睇code 都未必100%明哂成舊野搞咩
svn diff左再merge去舊branch, d code 又唔係RHEL main...你明唔明我講咩

TOP

本帖最後由 lazyfai 於 2012-6-28 12:25 編輯

當然唔係 svn diff 咁做啦。
一般情況下,如果有一個 bug, mailing list 討論完之後應該會出一個 report 講邊段 code 出咩問題要點改。其實去返舊版本會搵得返,相應做出修正。(Keyword: RHSA, RHBA, CVE)
同埋 Red Hat / SuSE 同 community 一直都會互動,什至個patch本身都係佢地提出,當然唔會好似我地自己一個人喺屋企玩玩下咁

PS. 如果再研究詳情要另開post討論喇,一陣畀樓主話我地騎劫post~

想問下點樣port? 由其舊野唔係佢地寫
我用緊3.0.0-2... 當code base 轉左2-3成...佢地又唔係vsftpd author, 睇code 都未必100%明哂成舊野搞咩
svn diff左再merge去舊branch, d code 又唔係RHEL main...你明唔明我講咩
Bomber 發表於 2012-6-28 12:17

TOP

@lazyfai,

In foreign forums, it is not allowed to hijack the post.  They concentrated on the topic that they are talking about.  However, it is very common in Hong Kong.

Samiux

TOP

@lazyfai,

In foreign forums, it is not allowed to hijack the post.  They concentrated on the topic  ...
samiux 發表於 2012-6-28 12:43



    sorry, back to the topic, what do you mean seized with remorse ? any bug ticket number for reference?

TOP

@Bomber,

If you are not using the version of 2.3.4, it is no problem at all.

An unknown intruder added a backdoor to the source code of the version 2.3.4 of the vsFTPd.  You can Google it for details.

If the version is 2.3.4, just upgrade to the latest version, such as 2.3.5 and the problem is solved.

Good luck.

Samiux

TOP

@Bomber,

If you are not using the version of 2.3.4, it is no problem at all.

An unknown intruder a ...
samiux 發表於 2012-6-28 17:31


so is just the source tree from vsftp or also affect other rpm/binary package from distro?

TOP

so is just the source tree from vsftp or also affect other rpm/binary package from distro?
martinnitram 發表於 2012-6-28 20:37



don't know.  But it is about a year ago.

TOP