On Wed, Oct 07, 2009 at 10:33:29AM -0400, John D. Mort wrote: > I guess the fact that I'm actually paying attention to what's getting > upgraded when I run updates is something of a milestone in my > competency with linux. I just noticed that wget was going to get > updated. Anyone know where I can look up what the change notes are > for ubuntu package updates? My googlemancy has failed me.
It was probably this: """ It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. """ which is a pretty major security issue. (though in this case I only know that because I follow the security announcements on bugtraq, and remembered this coming through yesterday. I don't use deb/apt, so seans response is probably best.) -m -- Mike Kershaw/Dragorn <[email protected]> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 "Remember the book store down the road? That then became a book and coffee shop? Now it's a 24-hour just-coffee shop. It's like evolution, only, without the getting better."
pgpi8JipawXoD.pgp
Description: PGP signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 7 - Glade - Linux GUIs made easy Nov 4 - Google Wave Dec 2 - MythTV Jan 6 - Git
