Fedora Legacy Test Update Notification: gftp

Marc Deslauriers marcdeslauriers at videotron.ca
Fri May 6 02:04:41 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152908
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152908
2005-05-05
---------------------------------------------------------------------

Name        : gftp
Versions    : rh7.3: gftp-2.0.11-2.2.legacy
Versions    : rh9: gftp-2.0.14-2.2.legacy
Versions    : fc1: gftp-2.0.17-0.FC1.1.legacy
Summary     : A multi-threaded FTP client for the X Window System.
Description :
gFTP is a multi-threaded FTP client for the X Window System. gFTP
supports simultaneous downloads, resumption of interrupted file
transfers, file transfer queues to allow downloading of multiple
files, support for downloading entire directories/subdirectories, a
bookmarks menu to allow quick connection to FTP sites, caching of
remote directory listings, local and remote chmod, drag and drop, a
connection manager, and much more.

---------------------------------------------------------------------
Update Information:

Updated gftp packages that fix a security issue are now available.

gFTP is a multi-threaded FTP client for the X Window System.

A directory traversal vulnerability was discovered in gftp. A remote
malicious FTP server could read, overwrite or create arbitrary files
via .. (dot dot) sequences in the filenames returned from a LIST
command. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0372 to this issue.

Users of gftp are advised to upgrade to these errata packages, which
contain a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu May 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.11-2.2.legacy
- Added missing glib-devel and gtk+-devel to BuildRequires

* Wed Mar 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.11-2.1.legacy
- Added security patch for CAN-2005-0372

rh9:
* Thu May 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.14-2.2.legacy
- Added missing glib-devel, gtk2-devel, desktop-file-utils,
  ncurses-devel and readline-devel BuildRequires

* Wed Mar 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.14-2.1.legacy
- Added security patch for CAN-2005-0372

fc1:
* Wed Mar 09 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.0.17-0.FC1.1.legacy
- Added security patch for CAN-2005-0372

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
49e794d3f8b144e55560c79960cedc487d737bb6
redhat/7.3/updates-testing/i386/gftp-2.0.11-2.2.legacy.i386.rpm
428080cb2efba4e5ad3df31150fc244f13f6b02c
redhat/7.3/updates-testing/SRPMS/gftp-2.0.11-2.2.legacy.src.rpm

rh9:
3c1812e77892b5a00167a3894983398dc467e262
redhat/9/updates-testing/i386/gftp-2.0.14-2.2.legacy.i386.rpm
ddf0ebe73fa8410ac213f6141ca97b3b75e34d5f
redhat/9/updates-testing/SRPMS/gftp-2.0.14-2.2.legacy.src.rpm

fc1:
93823674913c4796c06d8f4e37895e3573ea17fe
fedora/1/updates-testing/i386/gftp-2.0.17-0.FC1.1.legacy.i386.rpm
6d5276c8e90ebf111e907e04602fac5e45624737
fedora/1/updates-testing/SRPMS/gftp-2.0.17-0.FC1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050505/9fa635a9/attachment.sig>

More information about the fedora-legacy-list mailing list