lftp (4.0.2-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file overwrite via dot file download
    - debian/patches/CVE-2010-2251.dpatch: don't use server-provided names
      in src/{FileAccess,FileCopy,GetJob,commands,resource}.cc.
    - This update changes previous behaviour by ignoring the filename
      supplied by the server in the Content-Disposition header. To
      re-enable previous behaviour, use the new xfer:auto-rename setting.
    - CVE-2010-2251

 -- Marc Deslauriers <email address hidden>  Thu, 02 Sep 2010 15:28:37 -0400

lftp (4.0.2-1) unstable; urgency=low

  * new upstream release 4.0.2 from 2009-09-23
    - included gnutls >2.7 (use pkgconfig) Thanks Andreas Methler
      closes: Bug#529906
  * debian/control added Build-Dep pkg-config
  * debian/control no changes needed for Standard-Version 3.8.3
  * debian/control changed Build-Dep from libreadline5-dev to
    libreadline-dev

 -- Steve Kowalik <email address hidden>  Mon, 16 Nov 2009 00:51:27 +0000

lftp (3.7.15-1ubuntu2) karmic; urgency=low

  * debian/rules:
    - Remove '--without-ssl' from call to configure script as it is bogus and
      doesn't do a thing.
    - Change 'patch-stamp' to 'patch' to have the patches actually applied.
  * debian/control:
    - Add build dependency on pkg-config.
    - Add build dependency on autoconf.
    - Add build dependency on automake1.10.
  * debian/patches/use-pkg-config-instead-of-libgnutls-config.dpatch:
    - Patch configure.ac to correctly detect version of gnutls, per
      http://www.mail-archive.com/lftp-devel%40uniyar.ac.ru/msg01706.html
    - Fix autotools syntax issue (Thanks to Stefan Potyra's help).
  * debian/patches/00list: Refreshed.

 -- <email address hidden> (Cody A.W. Somerville)  Tue, 13 Oct 2009 16:45:42 -0300