WU-FTPD 2.6.2 has been released. 

The following security patches are available and should be applied.

* connect-dos.patch

    Fixes a possible denial of service attack on systems that allow only one
    non-connected socket bound to the same local address.

* realpath.patch

    Fixes an off-by-one error in the fb_realpath() function, as derived 
    from the realpath function in BSD, may allow attackers to execute 
    arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via 
    commands that cause pathnames of length MAXPATHLEN+1 to trigger a 
    buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, 
    (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.  SEE CVE CAN-2003-0466 

* skeychallenge.patch

    Fixes a potential stack overflow in the handling of S/Key challenge
    logins.