A vulnerability has been reported in gFTP, which can be exploited by malicious people to conduct directory traversal attacks.
The vulnerability is caused due to a missing input validation when handling filenames returned by FTP servers. This can be exploited via a directory traversal attack to create or overwrite arbitrary files by returning a specially crafted filename.
Update to version 2.0.18.
Arches, please mark stable.
stable on amd64
uncalling archs, sorry :(
some outstanding issues with gftp need to be resolved before .18 gets marked stable.
Added 2.0.18-r1 with a build-time fix. Reset all keywords to ~arch for the bump, marked x86 stable.
stable on amd64, again. :)
stable on ppc64
This is CAN-2005-0372
Marked ppc stable.
GLSA drafted by vorlon and ready to go
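The missing check described in the advisory text at the top of this report, sketched in C as an added example (not gFTP's code and not the 2.0.18 fix; `remote_name_is_safe`, `build_local_path` and the sample names are hypothetical): the client treats each name from a server listing as a single path component and refuses anything that could resolve outside the download directory.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if a server-supplied name is usable as ONE local file name.
 * Hypothetical helper. Rejecting '\\' is deliberately conservative. */
int remote_name_is_safe(const char *name)
{
    size_t i, len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 255)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return 0;   /* separators and control bytes never allowed */
    }
    return 1;
}

/* Writes "<download_dir>/<name>" to out. Returns 0 on success, -1 if the
 * name is rejected or the joined path would be truncated. */
int build_local_path(const char *download_dir, const char *name,
                     char *out, size_t outlen)
{
    int n;

    if (download_dir == NULL || out == NULL || outlen == 0)
        return -1;
    if (!remote_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", download_dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, as a server listing might return them. */
    const char *names[] = { "report.txt", "../../outside.txt", "/tmp/abs.txt", ".." };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s -> %s\n", names[i], build_local_path("/home/user/downloads",
               names[i], path, sizeof path) == 0 ? path : "REJECTED");
    return 0;
}
```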