(FALSE ALARM ON) ncftp (SSA:2005-135-02)
Posted on: 05/17/2005 06:57 AM

From Slackware:

An advisory recently went out on NcFTP, but it appears that the issue in question was fixed long ago in version 3.1.5, released on 2002-10-13.

I received an email at security@slackware.com from a well-meaning user informing me that 3.1.9 had a security issue that was going unpatched:

gt; I just noticed that there is a new security update (version 3.1.9) for
gt; NcFTP client available, but the current Slacware Package Browser lists
gt; version ncftp-3.1.8-i486-1.

I then went to www.ncftp.com to verify this, and managed to misread the site, thinking that an old security advisory pertained to 3.1.9. I imagine that's the same thing that happened to the person who wrote to me.

Anyway, just to let you all know that if you already have 3.1.5 or newer that there aren't any security issues affecting you that I'd consider worth an advisory. My apologies if this has been an inconvenience to any Slackware users, or if the fine people at NcFTP or other distributions have had to answer any questions about this. I'll try to
read more carefully next time. :-)

Take care,

Pat



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/false_alarm_on_ncftp_ssa2005_135_02.html)