Description: A vulnerability has been reported in gFTP, which can be exploited by malicious people to conduct directory traversal attacks. The vulnerability is caused due to a missing input validation when handling filenames returned by FTP servers. This can be exploited via a directory traversal attack to create or overwrite arbitrary files by returning a specially crafted filename. Solution: Update to version 2.0.18. http://www.gftp.org/
already bumped. arch's please mark stable.
stable on amd64
uncalling archs, sorry :( some outstanding issues with gftp need to be resolved before .18 gets marked stable.
added 2.0.18-r1 with a buildtime fix. reset all keywords to ~arch for the bump, marked x86 stable.
stable on amd64, again. :)
stable on ppc64
sparc stable.
This is CAN-2005-0372
Marked ppc stable.
GLSA drafted by vorlon and ready to go
GLSA 200502-27 Thanks everyone