According to the proftpd development list the overflow problems in 1.2.0pre3 and 4 were not properly fixed. The updated version of Redhat 1.2.0pre3-6 is still vulnerable as far as I can tell. ftp://ftp.tos.net/pub/proftpd is the new location of proftpd, the old ftp.proftpd.org is no longer being maintained it appears. 1.2.0pre5 fixes all known buffer overflow vulnerabilities.
*** This bug has been marked as a duplicate of 5047 ***