-
lftp (3.7.8-1ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via dot file download
- debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
- This update changes previous behaviour by ignoring the filename
supplied by the server in the Content-Disposition header. To
re-enable previous behaviour, use the new xfer:auto-rename setting.
- CVE-2010-2251
-- Marc Deslauriers <email address hidden> Thu, 02 Sep 2010 15:55:33 -0400
-
lftp (3.7.8-1) unstable; urgency=low
* new upstream release from 2009-01-23
- changed license of lftp from GPL 2 to GPL 3
(upstream changed it in 3.7.7)
- removed included 504638-memory_corruption.patch
-- Jonathan Thomas <email address hidden> Sat, 14 Feb 2009 00:45:52 +0000
-
lftp (3.7.5-1) unstable; urgency=low
* new upstream release from 2008-11-07
* adding upstream patch to fix memory corruption
504638-memory_corruption.patch
(closes: Bug#504638)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 17 Nov 2008 09:41:27 +0000
-
lftp (3.7.4-1) unstable; urgency=low
* new upstream release from 2008-08-06
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 04 Nov 2008 21:29:03 +0000
-
lftp (3.7.3-1build1) intrepid; urgency=low
* No-change rebuild for libgnutls13 -> libgnutls26 transistion.
-- Steve Kowalik <email address hidden> Sat, 11 Oct 2008 01:28:17 +1100
