Package: gftp
Version: 2.0.17+cvs20050102-3
Severity: critical
Tags: security, sarge

DSA 686-1:
----------
Albert Puigsech Galicia discovered a directory traversal vulnerability in a proprietary FTP client (CAN-2004-1376) which is also present in gftp, a GTK+ FTP client. A malicious server could provide a specially crafted filename that could cause arbitrary files to be overwritten or created by the client.

This problem has been fixed in version 2.0.18-1, however Sarge still has version 2.0.17+cvs20050102-3. gftp version 2.0.18-1 is only waiting for gtk+2.0 in order to move to Sarge.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages gftp depends on:
ii  gftp-gtk   2.0.18-1  X/GTK+ FTP client
ii  gftp-text  2.0.18-1  colored FTP client using GLib

-- no debconf information