oss-sec mailing list archives

tnftp 20141031 released to resolve CVE-2014-8517.


From: Luke Mewburn <lukem () NetBSD org>
Date: Sat, 1 Nov 2014 13:13:36 +1100

Hi,

Alistair Crooks (NetBSD Security Office) suggested that I notify this list.

I've released an update of tnftp which contains NetBSD's fix
to the recent CVE-2014-8517.

tnftp is the portable version of NetBSD's ftp, and various
distros use it.

The release may be found at:
        ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz
and detached signature:
        ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz.asc

The relevant entries from the NEWS file are:

===
Changes in tnftp from 20130505 to 20141031:

        Ignore special character behaviour in filenames not provided
        by the user.
        Fixes CVE-2014-8517.

        Fix timeout on HTTP fetches.
===


regards,
Luke.
