cPanel published ProFTPD releases not affected by security breach

On December 1, 2011 the ProFTPD Project team announced that the Project’s main FTP server, as well as mirror servers, were compromised. The ProFTPD 1.3.3c source code was modified to include a backdoor.

The cPanel & WHM Development team obtained the ProFTPD 1.3.3c sources prior to the compromise. Additionally, the Development team has verified that the binary version distributed to cPanel & WHM servers is not affected by this issue. Currently, all product update tiers are set for ProFTPD 1.3.3c.

ProFTPD Compromise Announcement
ProFTPD Project Site