Date: Sat, 1 Nov 2014 13:13:36 +1100 From: Luke Mewburn <lukem@...BSD.org> To: oss-security@...ts.openwall.com Cc: Luke Mewburn <lukem@...BSD.org> Subject: tnftp 20141031 released to resolve CVE-2014-8517. Hi, Alistair Crooks (NetBSD Security Office) suggested that I notify this list. I've released an update of tnftp which contains NetBSD's fix to the recent CVS-2014-8517. tnftp is the portable version of NetBSD's ftp, and various distros use it. The release may be found at: ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz and detached signature. ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftp-20141031.tar.gz.asc The relevant entries from the NEWS file are: === Changes in tnftp from 20130505 to 20141031: Ignore special character behaviour in filenames not provided by the user. Fixes CVE-2014-8517. Fix timeout on HTTP fetches. === regards, Luke. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.