Hi, yes, we are tracking it here: https://bugzilla.suse.com/show_bug.cgi?id=902709 thank you Victor Pereira On 10/30/2014 09:20 AM, Sverre Moe wrote:
A new version of wget is out, 1.16
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html * Noteworthy changes in Wget 1.16 ** No longer create local symbolic links by default. Closes CVE-2014-4877.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4877
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15...
OpenSUSE 13.1 uses wget-1.14 Last changes: Thu May 2 17:50:50 UTC 2013 https://build.opensuse.org/package/show/openSUSE:13.1/wget
OpenSUSE 13.2 uses wget-1.15 Last changes: Sun Jan 19 22:02:25 UTC 2014 https://build.opensuse.org/package/show/openSUSE:13.2/wget
When will we see a fix for wget on OpenSUSE? I also use some SLES and have not seen any indication that SUSE is on this either.
-- Victor Pereira SUSE LINUX Products GmbH GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org