bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [Secunia Research] GNU wget Vulnerability Report - Reques


From: Tim Rühsen
Subject: Re: [Bug-wget] [Secunia Research] GNU wget Vulnerability Report - Request for Details
Date: Thu, 4 Apr 2019 09:27:33 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 4/4/19 3:14 AM, Secunia Research wrote:
> Hello,
> 
> We are currently processing a report published by a third-party [1] for GNU
> wget and are currently evaluating it to publish a Secunia Advisory for this.
> Please see the original report for details.
> 
> We would appreciate to receive your comments on those issues before we
> publish our advisory based on this information.
> 
> * Can you confirm the vulnerability?

Yes

> * Which products and versions are affected by the vulnerability?

GNU Wget < 1.20.2

> * When do you expect to release fixed versions?

1.20.2 has been released on 1st April 2019

> * Are there any mitigating factors or recommended workarounds?

Mitigate by updating to GNU Wget 1.20.2.

If updating is not possible, as far as I can say:
Use only trusted IRIs as input, do not *recursively* download from
untrusted servers.

Regards, Tim

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]