FileZilla Client version 3.1.0.1 fixes a minor security issue: Quoting upstream news page: FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers. If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown. Impact: An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases. Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers. Affected versions: All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1 Reference: http://filezilla-project.org/
filezilla-3.1.0.1-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update filezilla'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6865
filezilla-3.1.0.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
filezilla-3.1.0.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.