wget/curl vul

Frank J. Laszlo laszlof at vonostingroup.com
Thu Oct 20 04:51:32 PDT 2005


Joel Hatton wrote:
>Hi Frank,
>
>
>>freebsd-security at auscert.org.au wrote:
>>
>>>Hi,
>>>
>>>Are plans afoot to upgrade wget soon?
>>>
>>ftp/wget was updated on 8/28/05, and ftp/curl on 10/14/05. cvsup your ports.
>>
>
>I do. Regularly. I've also done so in the last 5 minutes. Wget has a
>vulnerability that was corrected at 1.10.2; the port still sources 1.10.1,
>and has no patch that appears to correct this. According to:
>
>http://www.gnu.org/software/wget/wget.html
>
>"The latest stable version of Wget is 1.10.2. This release contains fixes
>for a major security problem: a remotely exploitable buffer overflow
>vulnerability in the NTLM authentication code. All Wget users are strongly
>encouraged to upgrade their Wget installation to the last release."
>
>Are plans afoot to upgrade wget to 1.10.2 soon?  Otherwise, I'd like to
>know if you believe that the FreeBSD port as it stands is not vulnerable.
>
>

My mistake, I only read part of the vulnerability report. If the
maintainer hasn't already, I'll submit an update for wget.

Regards,
    Frank Laszlo
