Date: Thu, 20 Oct 2005 07:50:37 -0400
From: "Frank J. Laszlo" <laszlof@vonostingroup.com>
To: Joel Hatton <joel@auscert.org.au>
Cc: ports@FreeBSD.org, sf@FreeBSD.org, freebsd-security@auscert.org.au
Subject: Re: wget/curl vul
Message-ID: <4357848D.2030109@vonostingroup.com>
In-Reply-To: <200510200409.j9K49T9h002380@app.auscert.org.au>
References: <200510200409.j9K49T9h002380@app.auscert.org.au>

Joel Hatton wrote:

>Hi Frank,
>
>>freebsd-security@auscert.org.au wrote:
>>
>>>Hi,
>>>
>>>Are plans afoot to upgrade wget soon?
>>>
>>ftp/wget was updated on 8/28/05, and ftp/curl on 10/14/05. cvsup your ports.
>>
>
>I do. Regularly. I've also done so in the last 5 minutes. Wget has a
>vulnerability that was corrected at 1.10.2; the port still sources 1.10.1,
>and has no patch that appears to correct this. According to:
>
>http://www.gnu.org/software/wget/wget.html
>
>"The latest stable version of Wget is 1.10.2. This release contains fixes
>for a major security problem: a remotely exploitable buffer overflow
>vulnerability in the NTLM authentication code. All Wget users are strongly
>encouraged to upgrade their Wget installation to the last release."
>
>Are plans afoot to upgrade wget to 1.10.2 soon? Otherwise, I'd like to
>know if you believe that the FreeBSD port as it stands is not vulnerable.
>

My mistake, I only read part of the vulnerability report. If the
maintainer hasn't already, I'll submit an update for wget.

Regards,
Frank Laszlo