Debian Security Advisory DSA 1006-1 - "kcope" discovered that the wzdftpd FTP server lacks input sanitising for the SITE command, which may lead to the execution of arbitrary shell commands.
843158fcf7ed9bc27eb365270cd8e40583f31026ca07ee81249a31bb9d55c429