An integer overflow flaw was reported in the mod_sftp module of ProFTPD. If a specially crafted SSH message was sent to a ProFTPD server using mod_sftp, it could lead to the allocation of enormous amounts of memory and an eventual OOM termination by the kernel. This issue was assigned the name CVE-2011-1137. It was fixed in CVS.
Created proftpd tracking bugs for this issue
Affects: fedora-all [bug 681719]
I believe this one can be closed now.
All current releases now have this fixed.
F-15 and Rawhide have 1.3.4rc2.
EL-4, EL-5, EL-6, F-13 and F-14 have 1.3.3e.