On Wed, Jan 07, 2015 at 02:25:49PM +0100, Noël Köthe wrote:
> tags 774769 + upstream
> forwarded 774769 https://github.com/lavv17/lftp/issues/116
> thanks
>
> Hello Marcin,
>
> Am Mittwoch, den 07.01.2015, 12:39 +0100 schrieb Marcin Szewczyk:
>
> > From the src/SSH_Access.cc file:
> > 47: const char *y="(yes/no)?";
> > 73: if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len))
> > 74: {
> > 75: pty_recv_buf->Put("yes\n");
> > 76: pty_send_buf->Put("yes\n");
> > 77: return m;
> > 78: }
> >
> > Not only does it make a particular SFTP file transfer insecure, but also
> > any future connection via any SSH client.
> ...
>
> Thanks for your report. I agree the user should be asked and forwarded
> your report to the upstream issue tracker.
Since this has been fixed upstream, could you pick the fix for
jessie?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
