From owner-cvs-all  Tue Jun 13  9:39:55 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1366337B551; Tue, 13 Jun 2000 09:39:50 -0700 (PDT)
	(envelope-from obrien@FreeBSD.org)
Received: (from obrien@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id JAA46294;
	Tue, 13 Jun 2000 09:39:49 -0700 (PDT)
	(envelope-from obrien@FreeBSD.org)
Message-Id: <200006131639.JAA46294@freefall.freebsd.org>
From: "David E. O'Brien" <obrien@FreeBSD.org>
Date: Tue, 13 Jun 2000 09:39:49 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/ftp/wget/patches patch-ftp.c
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

obrien      2000/06/13 09:39:49 PDT

  Added files:
    ftp/wget/patches     patch-ftp.c 
  Log:
  Fix chmod symlink vulnerability where when invoked with the -N option, it
  tries to chmod downloaded symlinks, but actually permissions are changed at
  target files.  There is the potential to chmod target files to
  world-writable.
  
  Submitted by:	Jun Kuriyama <kuriyama@FreeBSD.org>
  		Koga Youichirou <y-koga@jp.freebsd.org>
  Obtained from:	Const Kaplinsky <const@ce.cctpu.edu.ru> (BugTraq Feb 02, 1999)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message