-
lftp (3.7.15-1ubuntu2.1) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via dot file download
- debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
- This update changes previous behaviour by ignoring the filename
supplied by the server in the Content-Disposition header. To
re-enable previous behaviour, use the new xfer:auto-rename setting.
- CVE-2010-2251
-- Marc Deslauriers <email address hidden> Thu, 02 Sep 2010 15:34:40 -0400
-
lftp (3.7.15-1ubuntu2) karmic; urgency=low
* debian/rules:
- Remove '--without-ssl' from call to configure script as it is bogus and
doesn't do a thing.
- Change 'patch-stamp' to 'patch' to have the patches actually applied.
* debian/control:
- Add build dependency on pkg-config.
- Add build dependency on autoconf.
- Add build dependency on automake1.10.
* debian/patches/use-pkg-config-instead-of-libgnutls-config.dpatch:
- Patch configure.ac to correctly detect version of gnutls, per
http://www.mail-archive.com/lftp-devel%40uniyar.ac.ru/msg01706.html
- Fix autotools syntax issue (Thanks to Stefan Potyra's help).
* debian/patches/00list: Refreshed.
-- <email address hidden> (Cody A.W. Somerville) Tue, 13 Oct 2009 16:45:42 -0300
-
lftp (3.7.15-1ubuntu1) karmic; urgency=low
* Build-depend on libreadline-dev instead of libreadline5-dev.
-- Matthias Klose <email address hidden> Sat, 19 Sep 2009 22:46:51 +0200
-
lftp (3.7.15-1) unstable; urgency=low
* new upstream release from 2009-07-21
* debian/control updated Standards-Version: (no updates needed)
* debian/compat debian/control raised debhelper to 5
* debian/control removed URL in description because we have Homepage:
* debian/control added ${misc:Depends} to Depends
* debian/rules debian/docs removed outdated ChangeLog from the package
and handle NEWS as the changelog because upstream documents it there
lftp (3.7.14-1) unstable; urgency=low
* new upstream release from 2009-05-15
-- Simon Olofsson <email address hidden> Fri, 11 Sep 2009 16:04:37 +0100
-
lftp (3.7.13-1) unstable; urgency=low
* new upstream release from 2009-04-28
- fixed core dump on 'mput -d' command (closes: Bug#517428)
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 14 May 2009 17:47:57 +0100
-
lftp (3.7.8-1) unstable; urgency=low
* new upstream release from 2009-01-23
- changed license of lftp from GPL 2 to GPL 3
(upstream changed it in 3.7.7)
- removed included 504638-memory_corruption.patch
-- Jonathan Thomas <email address hidden> Sat, 14 Feb 2009 00:45:52 +0000