Hi there,
I just read that there's a more or less severe issue when using ProFTPD.
An unauthenticated client could be able to execute arbitrary code on a vulnerable system.
See more here: http://bugs.proftpd.org/show_bug.cgi?id=4169 or here https://security-tracker.debian.org/tracker/CVE-2015-3306
As stated on the heise security forums it should be sufficient to deactivate the loading of mod_copy in the modules.conf until a stable and secure version can be installed.
Best regards.