lftp 3.7.8-1ubuntu0.1 source package in Ubuntu
Changelog
lftp (3.7.8-1ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via dot file download
- debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
- This update changes previous behaviour by ignoring the filename
supplied by the server in the Content-Disposition header. To
re-enable previous behaviour, use the new xfer:auto-rename setting.
- CVE-2010-2251
-- Marc Deslauriers <email address hidden> Thu, 02 Sep 2010 15:55:33 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Jaunty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- net
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| lftp_3.7.8.orig.tar.gz | 1.8 MiB | dc121cc45d79a42b179a946090ea93db8f6fd07132f1a5ab2b224bdffa4e70a7 |
| lftp_3.7.8-1ubuntu0.1.diff.gz | 13.7 KiB | 574c09cb07ff16e59766d97b8f721c3e8bfd0d0bfe97a5ee48ca1061e453a43b |
| lftp_3.7.8-1ubuntu0.1.dsc | 1.1 KiB | 7a6beccb3a207ec4ab6d9fafd4d5630539a5ca653e164e7af0e81d51ab86a934 |
Available diffs
Binary packages built by this source
- lftp: No summary available for lftp in ubuntu jaunty.
No description available for lftp in ubuntu jaunty.
