Description of problem: EPEL 6 provides only proftpd-1.3.3g, but the 1.3.3 release is not supported by upstream anymore: http://www.proftpd.org/ Therefore please consider to update proftpd to 1.3.4c.
Well that is true but 1.3.4 is quite a significant update from 1.3.3, which might introduce regressions from current behaviour, which is discouraged in EPEL. I'll need a bit more convincing to do an EPEL update I think, having backported a recent security fix to 1.3.3g myself.
(In reply to Paul Howarth from comment #1) > Well that is true but 1.3.4 is quite a significant update from 1.3.3, which > might introduce regressions from current behaviour, which is discouraged in > EPEL. > > I'll need a bit more convincing to do an EPEL update I think, having > backported a recent security fix to 1.3.3g myself. In general it seems that EPEL lacks the manpower to backport security fixes, which is why I would feel safer if an upstream supported version was used. Then the migration could be done when it fits into ones schedule instead of when it becomes urgent because of an security issue. But since you would backport fixes I close this bug.