[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [PATCH] the libidn problem

From: Tim Ruehsen
Subject: [Bug-wget] [PATCH] the libidn problem
Date: Tue, 30 Jun 2015 10:04:25 +0200
User-agent: KMail/4.14.2 (Linux/4.0.0-2-amd64; KDE/4.14.2; x86_64; ; )

Thanks for the reminder, Daniel.

Here is a patch for Wget.

@Ander, just saw your mail when I was done with a patch.
Please have a look, it just accepts 1-4 bytes sequences.

Regards, Tim

On Monday 29 June 2015 23:14:39 Daniel Stenberg wrote:
> Hi,
> The libidn issue that was previously reported[1], is still outstanding and
> hasn't been fixed in libidn. This keeps wget vulnerable.
> I've just recommended[2] libcurl users to disable libidn until this gets
> resolved, as it seems it may drag on and keeping vulnerable code around is
> not good.
> [1] = https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00002.html
> [2] = http://curl.haxx.se/mail/lib-2015-06/0143.html

Attachment: 0001-Work-around-a-libidn-1.30-vulnerability.patch
Description: Text Data

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]