Control: tags -1 fixed-upstream thanks On Fri, Nov 22, 2024 at 07:05:59AM +0100, Salvatore Bonaccorso wrote: > CVE-2024-10524[0]: > | Applications that use Wget to access a remote resource using > | shorthand URLs and pass arbitrary user credentials in the URL are > | vulnerable. In these cases attackers can enter crafted credentials > | which will cause Wget to access an arbitrary host.
JFTR, upstream release 1.25.0 (2024-11-10) mentions | ** [Breaking change] Drop support for shorthand FTP URLs (CVE-2024-10524) cf. <https://git.savannah.gnu.org/cgit/wget.git/tree/NEWS>. <https://qa.debian.org/cgi-bin/watch?pkg=wget> doesn't list this version due to <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011450>. Cheers, Flo
signature.asc
Description: PGP signature
