There are two serious vulnerabilities in the current ProFTPD package of Debian GNU/Linux 3.1. Both issues are fixed in package ProFTPD 1.2.10-20, which is still not available over security.debian.org.
You can get the latest ProFTPD package for Sarge here:
Add the address to your /etc/apt/sources.list and run apt-get update && apt-get upgrade to install the update.
You can get the latest ProFTPD package for Sarge here:
deb http://people.debian.org/~frankie/debian/sarge/ ./
Add the address to your /etc/apt/sources.list and run apt-get update && apt-get upgrade to install the update.