On Sun, Feb 06, 2005 at 07:04:22PM +0100, Joerg Mayer wrote:
> On Sun, Feb 06, 2005 at 06:49:17PM +0100, Marcus Meissner wrote:
>> There is no patch yet. It's also not that critical to hurry.
>> - evil remote servers can overwrite files in one directory up from the current one. You usually do not download from evil servers.
>
> I download quite a lot of stuff from servers where I can't be sure that they aren't evil. In fact, I probably do half of my downloads with konqueror, the other half with wget.
>
> What I find interesting is that in the latest security advisory, there's the passage
>
>    2) pending vulnerabilities, solutions, workarounds: - None.
>
> How does this match with the wget problem? Is this an oversight or some misunderstanding in the interpretation of this message?
>
> ciao
>    Joerg
>
> PS: I probably should have started my mail with this: You are doing a good job with the advisories and keeping us informed - it feels to me things have improved significantly since you took over (but there seems to be some room for improvement too, see above ;)

It is still open. The summary takes like 2 hours which I have barely the time to spare sometimes ;) I tend to list only critical vulnerabilities there currently.

Ciao, Marcus