[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] [PATCH] the libidn problem
From: |
Tim Ruehsen |
Subject: |
[Bug-wget] [PATCH] the libidn problem |
Date: |
Tue, 30 Jun 2015 10:04:25 +0200 |
User-agent: |
KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; ) |
Thanks for the reminder, Daniel.
Here is a patch for Wget.
@Ander, just saw your mail when I was done with a patch.
Please have a look, it just accepts 1-4 bytes sequences.
Regards, Tim
On Monday 29 June 2015 23:14:39 Daniel Stenberg wrote:
> Hi,
>
> The libidn issue that was previously reported[1], is still outstanding and
> hasn't been fixed in libidn. This keeps wget vulnerable.
>
> I've just recommended[2] libcurl users to disable libidn until this gets
> resolved, as it seems it may drag on and keeping vulnerable code around is
> not good.
>
> [1] = https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00002.html
> [2] = http://curl.haxx.se/mail/lib-2015-06/0143.html
0001-Work-around-a-libidn-1.30-vulnerability.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part.