[Bug-wget] [PATCH] the libidn problem

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [PATCH] the libidn problem

From:	Tim Ruehsen
Subject:	[Bug-wget] [PATCH] the libidn problem
Date:	Tue, 30 Jun 2015 10:04:25 +0200
User-agent:	KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; )

Thanks for the reminder, Daniel.

Here is a patch for Wget.

@Ander, just saw your mail when I was done with a patch.
Please have a look, it just accepts 1-4 bytes sequences.

Regards, Tim

On Monday 29 June 2015 23:14:39 Daniel Stenberg wrote:
> Hi,
>
> The libidn issue that was previously reported[1], is still outstanding and
> hasn't been fixed in libidn. This keeps wget vulnerable.
>
> I've just recommended[2] libcurl users to disable libidn until this gets
> resolved, as it seems it may drag on and keeping vulnerable code around is
> not good.
>
> [1] = https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00002.html
> [2] = http://curl.haxx.se/mail/lib-2015-06/0143.html

0001-Work-around-a-libidn-1.30-vulnerability.patch
Description: Text Data

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] the libidn problem, Daniel Stenberg, 2015/06/29
- Re: [Bug-wget] the libidn problem, Ander Juaristi, 2015/06/30
  - Re: [Bug-wget] the libidn problem, Daniel Stenberg, 2015/06/30
    - Re: [Bug-wget] the libidn problem, Ander Juaristi, 2015/06/30
- [Bug-wget] [PATCH] the libidn problem, Tim Ruehsen <=
  - Re: [Bug-wget] [PATCH] the libidn problem, Ander Juaristi, 2015/06/30
  - Re: [Bug-wget] [PATCH] the libidn problem, Hubert Tarasiuk, 2015/06/30
    - Re: [Bug-wget] [PATCH] the libidn problem, Tim Ruehsen, 2015/06/30

Prev by Date: Re: [Bug-wget] the libidn problem
Next by Date: Re: [Bug-wget] the libidn problem
Previous by thread: Re: [Bug-wget] the libidn problem
Next by thread: Re: [Bug-wget] [PATCH] the libidn problem
Index(es):
- Date
- Thread