Date: Sat, 1 Nov 2014 13:13:36 +1100
From: Luke Mewburn <lukem@...BSD.org>
To: oss-security@...ts.openwall.com
Cc: Luke Mewburn <lukem@...BSD.org>
Subject: tnftp 20141031 released to resolve CVE-2014-8517.

Hi,

Alistair Crooks (NetBSD Security Office) suggested that I notify this list.

I've released an update of tnftp which contains NetBSD's fix to the recent CVE-2014-8517. tnftp is the portable version of NetBSD's ftp, and various distros use it.

The release may be found at:
    ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz
and detached signature.
    ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz.asc

The relevant entries from the NEWS file are:

===
Changes in tnftp from 20130505 to 20141031:

    Ignore special character behaviour in filenames not provided by the user. Fixes CVE-2014-8517.

    Fix timeout on HTTP fetches.
===

regards,
Luke.