Repository 32bit  Forum
Repository 64bit  Wiki
Thu Aug 2 20:12:10 UTC 2018
patches/packages/lftp-4.8.4-i586-1_slack14.2.txz: Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does
  not properly sanitize remote file names, leading to a loss of integrity
  on the local system when reverse mirroring is used. A remote attacker
  may trick a user to use reverse mirroring on an attacker controlled FTP
  server, resulting in the removal of all files in the current working
  directory of the victim's system.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
  (* Security fix *)