MDVSA-2015:213: lftp

Updated lftp packages fix a security vulnerability:

lftp incorrectly validates wildcard SSL certificates containing literal
IP addresses, so under certain conditions, it would allow and use a
wildcard match specified in the CN field, allowing a malicious server
to participate in a MITM attack or just fool users into believing
that it is a legitimate site (CVE-2014-0139).

lftp was affected by this issue as it uses code from cURL for checking
SSL certificates. The curl package was fixed in MDVSA-2015:098.
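
The flaw described above, shown as an added illustration (not code from lftp, cURL or this advisory): a simplified wildcard matcher that treats a dotted IP literal as a hostname, next to a hardened form that only accepts an exact match for IP literals. All function names are hypothetical and the sample values are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* 1 if host parses as an IPv4 or IPv6 literal, else 0. */
static int is_ip_literal(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Simplified matcher: a leading "*." stands in for exactly one leftmost label. */
static int wildcard_match(const char *pattern, const char *host)
{
    const char *rest;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    rest = strchr(host, '.');
    if (rest == NULL || rest == host)
        return 0;
    return strcasecmp(pattern + 1, rest) == 0;
}

/* Flawed: treats a dotted IP literal like a hostname made of labels. */
int cn_match_naive(const char *pattern, const char *host)
{
    return wildcard_match(pattern, host);
}

/* Hardened: an IP literal must match exactly, never through a wildcard. */
int cn_match_strict(const char *pattern, const char *host)
{
    if (is_ip_literal(host))
        return strcmp(pattern, host) == 0;
    return wildcard_match(pattern, host);
}

int main(void)
{
    /* Constructed sample values (192.0.2.1 is a documentation address). */
    printf("naive : %d\n", cn_match_naive("*.0.2.1", "192.0.2.1"));
    printf("strict: %d\n", cn_match_strict("*.0.2.1", "192.0.2.1"));
    printf("strict: %d\n", cn_match_strict("*.example.com", "www.example.com"));
    return 0;
}
```

The matcher is deliberately minimal; production hostname checks apply further wildcard restrictions that are out of scope here.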
