On Mon, Jan 03, 2005 at 11:16:34PM +0100, Mauro Tortonesi wrote:
> Alle 22:09, domenica 2 gennaio 2005, Jan Minar ha scritto:
> > On Sun, Jan 02, 2005 at 01:37:36AM +0100, Mauro Tortonesi wrote:
> especially after you've posted a bug report on bugtraq (which was more a
> pe
On Sun, Jan 02, 2005 at 01:37:36AM +0100, Mauro Tortonesi wrote:
> i have just commited the new string.c module which includes a mechanism to
> fix
> the bug reported by no?l köthe:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271931
#271931 is:
>>> From: Ambrose Li <[EMAIL PROTECTED]>
nux, probably POSIX, others?
Tested:1.8.1-6 (Debian Woody)
1.9.1-4 (Debian Sarge)
Problems: Overwriting/appending/creating files and directories
Retrieving file existence, size, permissions info
Etc.
Remote?: Both remote and local
Author: Jan Mi
On Sun, Aug 22, 2004 at 08:02:54PM +0200, Jan Minar wrote:
> +/* vasprintf() requires _GNU_SOURCE. Which is OK with Debian. */
> +#ifndef _GNU_SOURCE
> +#define _GNU_SOURCE
This must be done before stdio.h is included.
> +#endif
> +#include
> +
> #ifndef errno
> ext
tags 261755 +patch
thanks
On Sun, Aug 22, 2004 at 11:39:07AM +0200, Thomas Hood wrote:
> The changes contemplated look very invasive. How quickly can this
> bug be fixed?
Here we go: Hacky, non-portable, but pretty slick & non-invasive,
whatever that means. Now I'm going to check whether it is
Package: wget
Version: 1.8.1-6.1
Severity: grave
Justification: user security hole
Tags: security patch
Hi.
Wget does absolutely no filtering of the server-supplied error messages,
and redirection URLs. And probably just anywhere else.
Both 1.8 & 1.9 branches exhibit this behaviour.
A simple n