=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN056
_____________________________________________________________________

DATE                      : 17/02/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running ProFTPD versions prior to 1.3.2.

======================================================================
http://sourceforge.net/mailarchive/message.php?msg_name=Pine.LNX.4.33.0902051113180.21306-100000%40golem.castaglia.org
______________________________________________________________________
=============================================================================

Hello, ProFTPD community. The ProFTPD Project team is pleased to announce
that the final release for ProFTPD 1.3.2 is now available for public
consumption.

You can download 1.3.2, including PGP signatures and MD5 sums, from any
of the proftpd mirrors. Mirrors are available via FTP as:

ftp.<two_letter_iso_country_code>.proftpd.org

(example: ftp.nl.proftpd.org). Not all countries have mirrors; however
you should select one that is geographically close to you.

Alternatively, you can download proftpd from the main site:

ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.2 release is bugfix release, including a fix for an
encoding-dependent SQL injection vulnerability. ProFTPD users,
especially sites using SQL databases, are encouraged to update to 1.3.2.

Please read the included NEWS and ChangeLog files for the full details.

The MD5 sums for the source tarballs are:

89f5e31fc3d3e02b66424dfc6cc5892d proftpd-1.3.2.tar.bz2
756f762883cc8eed03d99dc3b1c56a8e proftpd-1.3.2.tar.gz

The PGP signatures for the source tarballs are:

proftpd-1.3.2.tar.bz2:

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================