lftp security update

CentOS Errata and Security Advisory CESA-2020:1045

LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

Security Fix(es):

• lftp: particular remote file names may lead to current working directory erased (CVE-2018-10916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2020-April/032560.html

Affected packages:
lftp
lftp-scripts

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:1045