Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 1 Nov 2014 13:13:36 +1100
From: Luke Mewburn <lukem@...BSD.org>
To: oss-security@...ts.openwall.com
Cc: Luke Mewburn <lukem@...BSD.org>
Subject: tnftp 20141031 released to resolve CVE-2014-8517.

Hi,

Alistair Crooks (NetBSD Security Office) suggested that I notify this list.

I've released an update of tnftp which contains NetBSD's fix
to the recent CVS-2014-8517.

tnftp is the portable version of NetBSD's ftp, and various
distros use it.

The release may be found at:
	ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz
and detached signature.
	ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz.asc

The relevant entries from the NEWS file are:

===
Changes in tnftp from 20130505 to 20141031:

        Ignore special character behaviour in filenames not provided
	by the user.
	Fixes CVE-2014-8517.

	Fix timeout on HTTP fetches.
===


regards,
Luke.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ