[ubuntu/jaunty-security] lftp_3.7.8-1ubuntu0.1_hppa_translations.tar.gz, lftp, lftp_3.7.8-1ubuntu0.1_powerpc_translations.tar.gz, lftp_3.7.8-1ubuntu0.1_lpia_translations.tar.gz, lftp_3.7.8-1ubuntu0.1_sparc_translations.tar.gz (delayed), lftp_3.7.8-1ubuntu0.1_amd64_translations.tar.gz, lftp_3.7.8-1ubuntu0.1_i386_translations.tar.gz, lftp_3.7.8-1ubuntu0.1_armel_translations.tar.gz, lftp_3.7.8-1ubuntu0.1_ia64_translations.tar.gz 3.7.8-1ubuntu0.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Sep 7 19:03:57 BST 2010


lftp (3.7.8-1ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary file overwrite via dot file download
    - debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
      in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
    - This update changes previous behaviour by ignoring the filename
      supplied by the server in the Content-Disposition header. To
      re-enable previous behaviour, use the new xfer:auto-rename setting.
    - CVE-2010-2251

Date: Thu, 02 Sep 2010 15:55:33 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/lftp/3.7.8-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 02 Sep 2010 15:55:33 -0400
Source: lftp
Binary: lftp
Architecture: source
Version: 3.7.8-1ubuntu0.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 lftp       - Sophisticated command-line FTP/HTTP client programs
Changes: 
 lftp (3.7.8-1ubuntu0.1) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary file overwrite via dot file download
     - debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
       in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
     - This update changes previous behaviour by ignoring the filename
       supplied by the server in the Content-Disposition header. To
       re-enable previous behaviour, use the new xfer:auto-rename setting.
     - CVE-2010-2251
Checksums-Sha1: 
 fa28a042390d2d3a789524cc9d6c1358c04fbbfe 1151 lftp_3.7.8-1ubuntu0.1.dsc
 f72f91de9d34547fa80ad8bb7817730b57969c3e 14075 lftp_3.7.8-1ubuntu0.1.diff.gz
Checksums-Sha256: 
 7a6beccb3a207ec4ab6d9fafd4d5630539a5ca653e164e7af0e81d51ab86a934 1151 lftp_3.7.8-1ubuntu0.1.dsc
 574c09cb07ff16e59766d97b8f721c3e8bfd0d0bfe97a5ee48ca1061e453a43b 14075 lftp_3.7.8-1ubuntu0.1.diff.gz
Files: 
 4b8c86550b9d42c9d9b2677868e9e462 1151 net optional lftp_3.7.8-1ubuntu0.1.dsc
 b04d88a4d5afefd2cf2cc018da908082 14075 net optional lftp_3.7.8-1ubuntu0.1.diff.gz
Original-Maintainer: Noèl Köthe <noel at debian.org>


More information about the Jaunty-changes mailing list