oss-sec mailing list archives
tnftp 20141031 released to resolve CVE-2014-8517.
From: Luke Mewburn <lukem () NetBSD org>
Date: Sat, 1 Nov 2014 13:13:36 +1100
Hi, Alistair Crooks (NetBSD Security Office) suggested that I notify this list. I've released an update of tnftp which contains NetBSD's fix to the recent CVS-2014-8517. tnftp is the portable version of NetBSD's ftp, and various distros use it. The release may be found at: ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz and detached signature. ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz.asc The relevant entries from the NEWS file are: === Changes in tnftp from 20130505 to 20141031: Ignore special character behaviour in filenames not provided by the user. Fixes CVE-2014-8517. Fix timeout on HTTP fetches. === regards, Luke.
Attachment:
_bin
Description:
Current thread:
- tnftp 20141031 released to resolve CVE-2014-8517. Luke Mewburn (Oct 31)