Hi Alexander,
* Dne Úterý 10. únor 2015, 13:25:03 [CET] Alexander V. Lukyanov napsal:
On Tue, Dec 09, 2014 at 06:46:32PM +0100, Vitezslav Cizek wrote:
Hi,
I've noticed lftp is using code borrowed from curl.
That makes lftp affected by CVE-2014-0139:
http://curl.haxx.se/docs/adv_20140326B.html
It's not the most critical vulnerability, but anyway,
I'll suggest to update to code from latest curl for the next release.
Thanks for report!
I've included hostmatch function from the latest curl. The fixed
version is in github now and a snapshot is here:
http://lftp.yar.ru/ftp/devel/lftp-4.6.1.20150210.tar.gz
Thanks for fixing it!
--
Vita Cizek
signature.asc
Description: Digital signature
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp