diff -urN frox-0.6.6/configure frox-0.6.7/configure
--- frox-0.6.6/configure Mon Oct 22 09:49:36 2001
+++ frox-0.6.7/configure Wed Nov 28 16:38:19 2001
@@ -709,7 +709,7 @@
 PACKAGE=frox
-VERSION=0.6.6
+VERSION=0.6.7
 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }
diff -urN frox-0.6.6/configure.in frox-0.6.7/configure.in
--- frox-0.6.6/configure.in Mon Oct 22 09:49:30 2001
+++ frox-0.6.7/configure.in Wed Nov 28 16:37:48 2001
@@ -17,7 +17,7 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_INIT(src/ftp-proxy.h)
-AM_INIT_AUTOMAKE(frox, 0.6.6)
+AM_INIT_AUTOMAKE(frox, 0.6.7)
 AM_CONFIG_HEADER(config.h)
 dnl Compiler flags
diff -urN frox-0.6.6/doc/ChangeLog frox-0.6.7/doc/ChangeLog
--- frox-0.6.6/doc/ChangeLog Sun Oct 21 11:27:35 2001
+++ frox-0.6.7/doc/ChangeLog Wed Nov 28 17:43:39 2001
@@ -1,3 +1,10 @@
+Changes from version 0.6.6-->0.6.7
+
+ * localcache.c/cache.c -- fixed potential buffer overflow with a
+ hostile server and local caching.
+
+ * misc.c -- fixed a non-exploitable buffer overflow in write_log()
+
 Changes from version 0.6.5-->0.6.6
 * main.c -- Reconnect SIGHUP after dealing so second SIGHUP
diff -urN frox-0.6.6/src/cache.c frox-0.6.7/src/cache.c
--- frox-0.6.6/src/cache.c Thu Oct 18 11:21:10 2001
+++ frox-0.6.7/src/cache.c Wed Nov 28 16:37:05 2001
@@ -266,6 +266,7 @@
 get_message(&code, msg);
 if(code/100 != 2) *fileinfo.mdtm=0;
 else strcpy(fileinfo.mdtm, msg);
+ if(strlen(fileinfo.mdtm) > 30) quit(SERVER_RUBBISH);
 debug2("Cache: MDTM is %s\n", fileinfo.mdtm);
 if(fileinfo.filename[0]!='/') {
diff -urN frox-0.6.6/src/localcache.c frox-0.6.7/src/localcache.c
--- frox-0.6.6/src/localcache.c Sun Jun 24 15:47:56 2001
+++ frox-0.6.7/src/localcache.c Wed Nov 28 13:57:38 2001
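Review bot: In the src/cache.c hunk the new length test runs after `strcpy(fileinfo.mdtm, msg)` has already copied the server's MDTM reply, so an over-long reply has written past `fileinfo.mdtm` before `quit(SERVER_RUBBISH)` is reached, and whatever quit() does then runs on that overwritten state. Test the source string before copying instead: `else if(strlen(msg) > 30) quit(SERVER_RUBBISH);` followed by `else strcpy(fileinfo.mdtm, msg);`. The literal 30 presumably tracks the declared size of `fileinfo.mdtm`, which is not visible here; comparing against `sizeof(fileinfo.mdtm)` would keep the check and the declaration from drifting apart. The enclosing function starts and ends outside the hunk.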
@@ -189,8 +189,8 @@
 cache_status=NONE;
 return(FALSE);
 }
- sprintf(buf, " %s %d %d %s\n", mdtm,
- size, type, uri);
+ snprintf(buf, MAX_LINE_LEN*2, " %s %d %d %s\n", mdtm,
+ size, type, uri);
 sprintf(buf, "%d", strlen(buf)-5);
 buf[strlen(buf)]=' ';
 write(fd, buf, strlen(buf));
diff -urN frox-0.6.6/src/misc.c frox-0.6.7/src/misc.c
--- frox-0.6.6/src/misc.c Sun Jun 24 16:04:59 2001
+++ frox-0.6.7/src/misc.c Wed Nov 28 13:56:50 2001
@@ -229,7 +229,7 @@
 syslog(LOG_NOTICE|LOG_DAEMON, "%s\n", buf);
 }
- sprintf(buf2,"frox[%d] %s\n", getpid(), buf);
+ snprintf(buf2, MAX_LINE_LEN, "frox[%d] %s\n", getpid(), buf);
 write(2, buf2, strlen(buf2));
 }
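Review bot: In the src/localcache.c hunk the `snprintf` return value is discarded, so when `mdtm` and `uri` do not fit, the cache header is silently cut short (the trailing `\n` and part of the URI are lost) and the next line still computes and writes a length for that malformed header. Truncation should be treated as a failure to cache, e.g. `n = snprintf(buf, sizeof(buf), ...);` followed by `if(n < 0 || n >= (int)sizeof(buf)) { cache_status=NONE; return(FALSE); }`, assuming `buf` is an array in this function. Its declaration is outside the hunk, which is also why the hard-coded `MAX_LINE_LEN*2` bound cannot be confirmed against the real buffer size from here. Separately, `strlen(buf)-5` is a `size_t` passed to `%d` in the unchanged `sprintf` that follows; an `(int)` cast would make the argument match the format.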
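Review bot: In the src/misc.c hunk (write_log(), per the ChangeLog entry) a truncated `snprintf` drops the trailing `\n`, so an over-long message written to fd 2 runs straight into the next log entry and the two become one line for anyone reading or parsing the log. Bounding the `%s` with a precision keeps room for the newline, e.g. `snprintf(buf2, MAX_LINE_LEN, "frox[%d] %.*s\n", getpid(), MAX_LINE_LEN-32, buf);`. The bound is the macro rather than `sizeof(buf2)`, and the declaration of `buf2` is outside the hunk, so it is worth confirming the two agree. The function body starts above the hunk.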