[ANNOUNCEMENT] [SECURITY] Updated: lftp 4.6.1-2

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Andrew Schulman <schulman.andrew@epa.gov>
To: cygwin@cygwin.com
Subject: [ANNOUNCEMENT] [SECURITY] Updated: lftp 4.6.1-2
Date: Mon, 23 Mar 2015 08:24:00 -0000	[thread overview]
Message-ID: <announce.cagvgapira9s7s6i3h25pit42rgn9qutl9@4ax.com> (raw)

A new version of lftp, 4.6.1-2, is available in the Cygwin distribution. 

This is a security update.  It fixes a bug in which lftp would by default save
the key fingerprint of unverified hosts in the ssh known_hosts file
(https://bugzilla.redhat.com/show_bug.cgi?id=1180209).  The patched version adds
two new boolean options, fish:auto-confirm and sftp:auto-confirm, which
determine whether lftp will automatically answer "yes" to all ssh questions, in
particular to the question about a new host key.  The default for both options
is "no".

All lftp users are urged to upgrade to the new release.

lftp is a sophisticated file transfer program and ftp/http/bittorrent client. It
supports multiple network protocols.  It uses the readline library for input, so
it offers tab completion and command history.  It has job control and bookmarks.
It can mirror sites and transfer multiple files in parallel. It keeps trying
interrupted operations until it can complete them.

Andrew E. Schulman

*******************************************************************

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com_at_cygwin.com

If you need more information on unsubscribing, start reading here: 

http://cygwin.com/lists.html#subscribe-unsubscribe

Please read *all* of the information on unsubscribing that is available
starting at this URL.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

                 reply	other threads:[~2015-03-23  7:40 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=announce.cagvgapira9s7s6i3h25pit42rgn9qutl9@4ax.com \
    --to=schulman.andrew@epa.gov \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).