Bug 602836
Summary: | CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001] [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> |
Component: | lftp | Assignee: | Jiri Skala <jskala> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 13 | CC: | aglotov, jskala, pertusus |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | lftp-4.0.8-1.fc12 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-06-30 15:09:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 591580 |
Description
Vincent Danen
2010-06-10 20:49:53 UTC
Fedora 13 and rawhide do have a fixed upstream version (4.0.7+), but this would need to be fixed for Fedora 12 and 11. lftp-4.0.8-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/lftp-4.0.8-1.fc12 lftp-4.0.8-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update lftp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/lftp-4.0.8-1.fc12 lftp-4.0.8-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |