Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#49730 - [wget] CVE-2016-4971: arbitrary file overwrite in wget < 1.18
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Thursday, 16 June 2016, 09:32 GMT
Last edited by Levente Polyak (anthraxx) - Sunday, 19 June 2016, 12:53 GMT
Details
Hi,
wget 1.18 [1] has fixed a security issue, CVE-2016-4971 [2], that might allow an attacker to overwrite an arbitrary file on the local file-system. Stretching it a bit, it might lead to code execution if the overwritten file is executed automatically, say for example .bash_profile.
[1]: https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1343666
Closed by Levente Polyak (anthraxx)
Sunday, 19 June 2016, 12:53 GMT
Reason for closing: Fixed
Additional comments about closing: 1.18-1