ProFTPD 1.3.0a released

CVS-2006-5815 対応で、詳細は Bug #2858 を参照のこと、だそうです。



	Some users may not be able to immediately patch their ProFTPD installations.
	Until they are able to install a patched version, the following steps can
	mitigate the impact of this flaw:

	- Remove DisplayConnect, DisplayLogin, DisplayChdir, DisplayFirstChdir,
	  DisplayFileTransfer, AccessDenyMsg, and WrapDenyMsg directives from your
	  ProFTPD configuration.

	- Avoid using variable substitutions/magic cookies/%-style escapes in
	  /etc/shutmsg, when specifying a warning message with the ftpshut(8)
	  command, or in RewriteRule directives.

	- Add a DenyFilter directive to your configuration to limit FTP command
	  arguments to only characters that you require. For example: 'DenyFilter
	  [^A-Za-z0-9_.-]' limits FTP command arguments (such as filenames) to
	  alphanumeric characters, the underscore, period, and dash.

うちの会社は ProFTPD を結構使ってるからなぁ... 大変だ > 担当の人々 ^^;)。