X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:from:to:subject:date:message-id :mime-version:content-type:content-transfer-encoding; q=dns; s= default; b=tinpUVhBacmlrgTR/yHvErQB1SMvBZq3ZczvqJ5KR8clXS3xkHqhL p2dj5dpBRPmAlUiPRfpZzXDF4m5xZ3FIlI89NYkDYPkKv3dM6y90i415v3jKAqK+ J5Nq5Rmg3aRSr59xAfptLhH477sgOXorHMmHPY+Fj5ynqU2vvvCA2Q= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:from:to:subject:date:message-id :mime-version:content-type:content-transfer-encoding; s=default; bh=CQGKkdF7sAooKmtr7yv/POz5VJw=; b=UBRJ6m6E89hNLu2+gkJGcKKGPgTu J2SCz720k7x7Mvd16W8WkUTFHtPuKSotCU0b7XumeqL586JcJG8Re1wAojWMLEI/ Q+isrlbUd6G4FOaRXxDqH1XR+mAhDJvDmT04M/UstRiKApszlmyDfbMeQ5Q2sC/Y yARNLQERv2CWDV0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Reply-To: cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.3 required=5.0 tests=AWL,BAYES_40,RCVD_IN_DNSWL_NONE,UNSUBSCRIBE_BODY autolearn=no version=3.3.2 From: Andrew Schulman To: cygwin AT cygwin DOT com Subject: [ANNOUNCEMENT] [SECURITY] Updated: lftp 4.6.1-2 Date: Mon, 23 Mar 2015 03:38:33 -0400 Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Archive: encrypt Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t2N7f7we011960 A new version of lftp, 4.6.1-2, is available in the Cygwin distribution. This is a security update. It fixes a bug in which lftp would by default save the key fingerprint of unverified hosts in the ssh known_hosts file (https://bugzilla.redhat.com/show_bug.cgi?id=1180209). The patched version adds two new boolean options, fish:auto-confirm and sftp:auto-confirm, which determine whether lftp will automatically answer "yes" to all ssh questions, in particular to the question about a new host key. The default for both options is "no". All lftp users are urged to upgrade to the new release. lftp is a sophisticated file transfer program and ftp/http/bittorrent client. It supports multiple network protocols. It uses the readline library for input, so it offers tab completion and command history. It has job control and bookmarks. It can mirror sites and transfer multiple files in parallel. It keeps trying interrupted operations until it can complete them. Andrew E. Schulman ******************************************************************* To update your installation, click on the "Install Cygwin now" link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions. *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com_at_cygwin.com If you need more information on unsubscribing, start reading here: http://cygwin.com/lists.html#subscribe-unsubscribe Please read *all* of the information on unsubscribing that is available starting at this URL. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple