Re: wget for sarge update
Colin Watson wrote:
> On Sat, Oct 02, 2004 at 02:59:13PM +0200, Noèl Köthe wrote:
> > wget <= 1.9.1-4 (which is in sarge and frozen) had a security problem
> > (#261755) which is fixed in -6 and -7 (right now in incoming). -5 had
> > the first fixing patch but was not multibyte aware (#271931).
> > Jan Minar <jjminar fastmail.fm> wrote the fixing patches (Thanks!).
> > Upstream author doesn't respond to this and other things/mails since
> > weeks so right now he is MIA.:(
>
> <mdz> Kamion: I think it's silly
> <mdz> Jan Minar has filed a bunch of similar bugs
> <mdz> I'm waiting for the one against cat(1)
> <mdz> where it will allow arbitrary characters to be displayed on the terminal
>
> Is this really a security issue?
Since escape codes can turn the terminal into $whatever when displayed
without escaping them, the least problem is a reset or confused terminal.
Regards,
Joey
--
No question is too silly to ask, but, of course, some are too silly
to answer. -- Perl book
Reply to: