The gftp package as distributed with Debian GNU/Linux 22 has a problem
in its logging code: it logged data received from the network but it did
not protect itself from printf format attacks An attacker can use this
by making an FTP server return special responses that exploit this
This has been fixed in version 206a-31, and we recommend that ...