bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget bug


From: Johnny Chin
Subject: Re: [Bug-wget] wget bug
Date: Thu, 17 Sep 2015 20:11:21 -0400

Thanks. I am aware of that. Going forward I can explicitly set that in the
script as needed but for now, it is easier to mass change our standardized
wgetrc on our managed systems to get the "broken" scripts working.

--
Johnny Chin
(sent from Android)

On Sep 17, 2015 7:44 PM, "Ángel González" <address@hidden> wrote:

> On 18/09/15 01:30, Johnny Chin wrote:
>
> Thank you for that flag.  I was unaware of that.
> Can that flag be set as default in the wgetrc?
> I have users that used the old wget to get files from our servers that
> needs it.
>
>
> Yes, you can set trust-server-names in ~/.wgetrc  *but* you are
> reintroducing CVE-2010-2252.
>
> It would be much better if they explicitely provided the flag (only when
> needed) or a filename:
>  wget http://downloads.malwarebytes.org/file/mbam/ -O
> latest-mbam-setup.exe
>
> Also note, they can rename index.html to mbam-setup.exe
>
>


reply via email to

[Prev in Thread] Current Thread [Next in Thread]