tags 774769 + upstream forwarded 774769 https://github.com/lavv17/lftp/issues/116 thanks
Hello Marcin,
Am Mittwoch, den 07.01.2015, 12:39 +0100 schrieb Marcin Szewczyk:
> From the src/SSH_Access.cc file:
> 47: const char *y="(yes/no)?";
> 73: if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len))
> 74: {
> 75: pty_recv_buf->Put("yes\n");
> 76: pty_send_buf->Put("yes\n");
> 77: return m;
> 78: }
>
> Not only does it make a particular SFTP file transfer insecure, but also
> any future connection via any SSH client.
...
Thanks for your report. I agree the user should be asked and forwarded
your report to the upstream issue tracker.
Regards
Noël
--
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
signature.asc
Description: This is a digitally signed message part
