Subject: CVS commit: pkgsrc/net/lftp
To: None <pkgsrc-changes@NetBSD.org>
From: Quentin Garnier <cube@netbsd.org>
List: pkgsrc-changes
Date: 12/14/2003 15:48:37
Module Name:	pkgsrc
Committed By:	cube
Date:		Sun Dec 14 15:48:37 UTC 2003

Modified Files:
	pkgsrc/net/lftp: Makefile distinfo

Log Message:
Update to version 2.6.10.  This version contains a fix for a buffer
overflow vulnerability in the HTML parser code affecting "ls" command on
malicious HTTP server.

See http://lists.netsys.com/pipermail/full-disclosure/2003-December/014824.html

Version 2.6.10 - 2003-12-11

* security fixes in html parsing code.
* fxp between ftps session is now possible (unencrypted yet).
* fixed a rare bug with access to freed memory in ftp.
* fixed a bug in mirror, now it does not incorrectly append directory name
  when target directory is the root.
* fixed compilation on AIX.
* Polish translation updated.


To generate a diff of this commit:
cvs rdiff -r1.29 -r1.30 pkgsrc/net/lftp/Makefile
cvs rdiff -r1.13 -r1.14 pkgsrc/net/lftp/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.