On 4/4/19 3:14 AM, Secunia Research wrote:
> Hello,
>
> We are currently processing a report published by a third-party [1] for GNU
> wget and are currently evaluating it to publish a Secunia Advisory for this.
> Please see the original report for details.
>
> We would appreciate to receive your comments on those issues before we
> publish our advisory based on this information.
>
> * Can you confirm the vulnerability?

Yes

> * Which products and versions are affected by the vulnerability?

GNU Wget < 1.20.2

> * When do you expect to release fixed versions?

1.20.2 has been released on 1st April 2019

> * Are there any mitigating factors or recommended workarounds?

Mitigate by updating to GNU Wget 1.20.2.

If updating is not possible, as far as I can say:
Use only trusted IRIs as input, do not *recursively* download from
untrusted servers.

Regards, Tim