Date: Mon, 20 Jun 2016 23:14:38 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 210420] security/vuxml: Security Vulnerability in wget (CVE-2016-4971) Message-ID: <bug-210420-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210420 Bug ID: 210420 Summary: security/vuxml: Security Vulnerability in wget (CVE-2016-4971) Product: Ports & Packages Version: Latest Hardware: Any URL: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg 00004.html OS: Any Status: New Keywords: easy, patch, patch-ready, security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com CC: junovitch@freebsd.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) CC: Assignee: ports-secteam@FreeBSD.org Created attachment 171627 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D171627&action= =3Dedit Patch VuXML for wget vuln announcement CVE-2016-4971 HTTP to a FTP redirection file name confusion vulnerability in wget. On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename. * Upstream Announcement (part of 1.18 release announcement): http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html * Upstream commit that fixes it: =20 http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3De996e322ffd42aaa0516= 02da182d03178d0f13e1 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210420-13>