-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:213
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : lftp
Date : April 29, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:

Updated lftp packages fix a security vulnerability:

lftp incorrectly validates wildcard SSL certificates containing literal
IP addresses, so under certain conditions it would accept and use a
wildcard match specified in the CN field, allowing a malicious server
to participate in a MITM attack or just fool users into believing
that it is a legitimate site (CVE-2014-0139).

lftp was affected by this issue because it uses code from cURL for
checking SSL certificates. The curl package was fixed in MDVSA-2015:098.
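
The check described above, as an added example for readers of this
advisory: it is not lftp or cURL source, and the function names and the
sample names in main() are constructed for illustration. It contrasts a
wildcard comparison that ignores what kind of name the host is with one
that refuses wildcards for literal IP addresses.

```c
/* Added illustration; not lftp or cURL code. All names are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* Returns 1 if host parses as a literal IPv4 or IPv6 address. */
static int is_ip_literal(const char *host)
{
    unsigned char buf[16];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Naive check: "*." replaces the host's leftmost label, whatever the
   host is, so the first octet of an IP address counts as a "label". */
static int naive_match(const char *pattern, const char *host)
{
    const char *rest;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    rest = strchr(host, '.');
    return rest != NULL && rest != host && strcasecmp(pattern + 1, rest) == 0;
}

/* Hardened check: a wildcard never matches an IP literal, and the part
   after "*." must itself contain a dot (rejects patterns like "*.com"). */
static int strict_match(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    if (is_ip_literal(host) || strchr(pattern + 2, '.') == NULL)
        return 0;
    return naive_match(pattern, host);
}

int main(void)
{
    /* Constructed inputs: 192.0.2.10 is a documentation address. */
    printf("naive  *.0.2.10 vs 192.0.2.10: %d\n", naive_match("*.0.2.10", "192.0.2.10"));
    printf("strict *.0.2.10 vs 192.0.2.10: %d\n", strict_match("*.0.2.10", "192.0.2.10"));
    printf("strict *.example.com vs www.example.com: %d\n",
           strict_match("*.example.com", "www.example.com"));
    return 0;
}
```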
__________________