Opened 5 months ago

Closed 5 months ago

#20646 closed enhancement (fixed)

wget-1.25.0

Reported by: Bruce Dubbs Owned by: blfs-book
Priority: elevated Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (3)

comment:1 by Bruce Dubbs, 5 months ago

GNU Wget NEWS -- history of user-visible changes.

Noteworthy changes in release 1.25.0 (2024-11-10) [stable]

  • [Breaking change] Drop support for shorthand FTP URLs (CVE-2024-10524)
  • [Breaking change] Switch to continuous reading from stdin pipes
  • Reimplement user-info parsing based on RFC 2396
  • Fix a build issue with libproxy and --disable-debug

Note: I could not find CVE-2024-10524, but I did find https://jfrog.com/blog/cve-2024-38428-wget-vuln-all-you-need-to-know/

Last edited 5 months ago by Bruce Dubbs (previous) (diff)

comment:2 by Bruce Dubbs, 5 months ago

Fixed at commit 90842acba6. Leaving ticket open for security advisory.

comment:3 by Douglas R. Reno, 5 months ago

Priority: normalelevated
Resolution: fixed
Status: newclosed

SA-12.2-040 issued

Note: See TracTickets for help on using tickets.