wget Vulnerability

Habichtsberg, Reinhard RHabichtsberg at arz-emmendingen.de
Wed Jul 6 11:21:01 CEST 2016


Hi all,

Sorry, I'm new here. May I ask a question in this list: There is a vulnerability issue with wget (see below pls.). Newest wget in opencsw is GNU Wget 1.16.3. Is it intended to release a fixed version of wget here soon?

Generally asked: Is there any process that ensures the fix of security issues in the opencsw project?


-----------------------------------------------------------------------------------------
>From SB16-186: Vulnerability Summary for the Week of June 27, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology<http://www.nist.gov> (NIST) National Vulnerability Database<http://nvd.nist.gov> (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security<http://www.dhs.gov> (DHS) National Cybersecurity and Communications Integration Center<https://www.us-cert.gov/nccic> (NCCIC) / United States Computer Emergency Readiness Team<https://www.us-cert.gov> (US-CERT). For modified or updated entries, please visit the NVD<http://nvd.nist.gov>, which contains historical vulnerability information
Vulnerability Summary for CVE-2016-4971
Original release date: 06/30/2016
Last revised: 07/01/2016
Source: US-CERT/NIST
Overview
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
---------------------------------------------------------------------------------------------

TIA, Reinhard

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20160706/eef129df/attachment.html>


More information about the users mailing list