Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 1 Nov 2014 13:13:36 +1100
From: Luke Mewburn <>
Cc: Luke Mewburn <>
Subject: tnftp 20141031 released to resolve CVE-2014-8517.


Alistair Crooks (NetBSD Security Office) suggested that I notify this list.

I've released an update of tnftp which contains NetBSD's fix
to the recent CVS-2014-8517.

tnftp is the portable version of NetBSD's ftp, and various
distros use it.

The release may be found at:
and detached signature.

The relevant entries from the NEWS file are:

Changes in tnftp from 20130505 to 20141031:

        Ignore special character behaviour in filenames not provided
	by the user.
	Fixes CVE-2014-8517.

	Fix timeout on HTTP fetches.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ