Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 539640 (CVE-2014-0139)

Summary: <net-ftp/lftp-4.6.2:incorrectly validates wildcard SSL certificates containing literal IP addresses using code borrowed from libcurl (CVE-2014-0139)
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://comments.gmane.org/gmane.network.lftp.user/2699
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 536036    
Bug Blocks:    

Description Jeroen Roovers (RETIRED) gentoo-dev 2015-02-10 15:58:14 UTC 
This is already addressed in a development release 4.6.1.20150210 but not in a stable release.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-25 05:30:27 UTC 
All done.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2015-06-06 15:00:08 UTC 
Arches and Maintainer(s), Thank you for your work.

Security Please Vote.
First GLSA Vote: No
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2015-06-30 22:37:58 UTC 
NO too, closing.