Opened 5 years ago

Closed 5 years ago

#9941 closed defect (fixed)

wget-1.19.2

Reported by: bdubbs@… Owned by: ken@…
Priority: high Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 5 years ago

HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.

comment:2 by ken@…, 5 years ago

Owner: changed from blfs-book@… to ken@…
Priority: normalhigh
Status: newassigned
Type: enhancementdefect

Fixes CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 - following the links for the first two of those, if you connect to a malicious server it can execute arbitrary code on your machine. The last allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

in reply to:  1 comment:3 by ken@…, 5 years ago

Replying to renodr:

HEADS UP - the tarball format changed. *.tar.xz is no longer available, it has to be *.tar.gz.

Correct. There is also a *.tar.lz - tar will try to use something called 'lzip' to process that, so not usable in BLFS.

comment:4 by ken@…, 5 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.