http://secunia.com/advisories/23371/ local privilege escalation to root. mod_ctrls is disabled by default in upstream (according to the advisory), and is only exploitable by local users who have access to the controls via an ACL in the conf file. Version 1.3.1rc1 is the fixed version, should be available in their CVS.
fixing summary.
/* (no) comment */
net-ftp/proftpd-1.3.1_rc1 is in the tree, fixing all the known vulns and bugs we had to patch before, and it seems to work very well, so do your magic, security team and archs! ;) Best regards, CHTEKK. PS: we pass --enable-ctrls by default, so I'm pretty sure we have mod_ctrls or at least the sending of controls enabled by default (bug was in src/ctrls.c).
Hi arches team, please test and mark stable if appropriate: net-ftp/proftpd-1.3.1_rc1
ppc stable
ppc64 stable
sparc stable.
*poof*
Alpha stable.
Stable on hppa. Sorry for delay.
pinging amd64.
amd64 stable
Late! :((( GLSA request filed.
GLSA 200702-02, thanks to everybody.