Topic: Request for inclusion of vsftpd
Hi, I would like to request the latest version of vsftpd to be included in your repository if possible.
Version 2.2.2 is included by default in RHEL v6 but in v2.3.5 an important security fix was implemented.
Now I doubt that Red Hat will backport it since it breaks the default conf and requires some actual work by the sysadmin
Something we all know Red Hat is very afraid of
Below is a nice video showing the reason to prefer security over backwards compatibility...
Following that a full disclosure link showing the problem in detail.
(I had to post it on code tags due to URL limit of 1 link...)
youtube.com/watch?v=10uedlgNEJA
seclists.org/fulldisclosure/2010/Oct/257