On 04.04.19 09:27, Tim Rühsen wrote:
> On 4/4/19 3:14 AM, Secunia Research wrote:
>> Hello,
>>
>> We are currently processing a report published by a third-party [1] for GNU
>> wget and are currently evaluating it to publish a Secunia Advisory for this.
>> Please see the original report for details.
>>
>> We would appreciate to receive your comments on those issues before we
>> publish our advisory based on this information.
>>
>> * Can you confirm the vulnerability?
>
> Yes

Can you please elaborate what EXACTLY the vulnerability is? I have searched through the (quite hefty) diff between 1.20.1 and 1.20.2 and have found only 4 differences that may be viewed as these, but the changes in src/ftp-ls.c and src/http.c do not fix a vulnerability. The CVE-entry is not quite helpful, to say the least ;-)

Thanks,
Josef

--
SUSE Linux GmbH
Maxfeldstrasse 5
90409 Nuernberg
Germany
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)