-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: wget Version: 1.15-1 Severity: important Tags: fixed-upstream, security, upstream
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 """ Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. This commit changes the default settings in Wget such that Wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the Wget invokation command. """ - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlROLg0ACgkQXf6hBi6kbk//KgCfY1kB9+jp++XGb1GMlekuBirP IbEAoMBHvnAupKh7npnyUcyxyzk9R6R6 =uiOZ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org