| Release | Version |
|---|---|
| jessie | 4.6.0-1+deb8u1 |
| stretch | 4.7.4-1 |
| buster | 4.8.4-2 |
| bullseye | 4.8.4-2 |
| bookworm | 4.9.2-2 |
| trixie | 4.9.2-3 |
| sid | 4.9.2-3 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10916 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | It has been discovered that lftp up to and including version 4.8.3 doe ... |
| Bug | Description |
|---|---|
| TEMP-0774769-57BAAA | saves unknown host's fingerprint in known_hosts without any prompt |
| CVE-2010-2251 | The get1 command, as used by lftpget, in LFTP before 4.0.6 does not pr ... |
| CVE-2007-2348 | mirror --script in lftp before 3.5.9 does not properly quote shell met ... |
| CVE-2003-0963 | Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ... |
| DSA / DLA | Description |
|---|---|
| DSA-2085-1 | lftp - file overwrite vulnerability |
| DSA-406 | lftp - buffer overflow |