Hi Alexander, * Dne Úterý 10. únor 2015, 13:25:03 [CET] Alexander V. Lukyanov napsal: > On Tue, Dec 09, 2014 at 06:46:32PM +0100, Vitezslav Cizek wrote: > > Hi, > > I've noticed lftp is using code borrowed from curl. > > That makes lftp affected by CVE-2014-0139: > > http://curl.haxx.se/docs/adv_20140326B.html > > > > It's not the most critical vulnerability, but anyway, > > I'll suggest to update to code from latest curl for the next release. > > Thanks for report! > > I've included hostmatch function from the latest curl. The fixed > version is in github now and a snapshot is here: > http://lftp.yar.ru/ftp/devel/lftp-4.6.1.20150210.tar.gz
Thanks for fixing it! -- Vita Cizek
signature.asc
Description: Digital signature
_______________________________________________ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
