Filezilla security hole in new beta

Posted: 17. March 2009 07:31
by Boogerhead
Kind folks,

I just ran Secunia PSI on an existing XAMPP install, which told me my install of Filezilla server 9.29 was insecure. Came here, saw new beta, downloaded, checked readme, found it came with 9.30. Good. Checked Filezilla site, found this warning:

2009-03-03 - FileZilla Server 0.9.31 released
Bugfixes and minor changes:
Fix buffer overflow in SSL code leading to a potential security vulnerability

I don't know if there's time to integrate the somewhat newer version into another beta or something before it goes out.

On a not-unrelated note: If the English and German readme files could get posted as separate downloads somewhere, that could simplify life (and bandwidth costs).

Thanks for everything!

Mike

Re: Filezilla security hole in new beta

Posted: 17. March 2009 07:43
by Izzy
The XAMPP beta site has a form to give feedback and is found here:
http://www.apachefriends.org/en/xampp-beta.html

Boogerhead wrote: On a not-unrelated note: If the English and German readme files could get posted as separate downloads somewhere...
The readme_en.txt file can be downloaded from the same place you download XAMPP and in Windows it is here:
http://www.apachefriends.org/en/xampp-windows.html
See also README
http://www.apachefriends.org/winxampp/readme_en.txt

Re: Filezilla security hole in new beta

Posted: 17. March 2009 18:59
by Boogerhead
Much obliged! Will file the beta feedback.

To get to the readme in the beta version, though, you do still have to download the beta:
http://www.apachefriends.org/en/xampp-beta.html

I'll leave feedback about that as well.

Thanks again!

Mike