Re: wget for sarge update

To: debian-release@lists.debian.org
Subject: Re: wget for sarge update
From: Martin Schulze <joey@infodrom.org>
Date: Wed, 6 Oct 2004 18:54:36 +0200
Message-id: <[🔎] 20041006165436.GZ10459@finlandia.infodrom.north.de>
In-reply-to: <[🔎] 20041006163950.GF17611@riva.ucam.org>
References: <[🔎] 1096721953.1934.63.camel@p4.domain.lan> <[🔎] 20041006163950.GF17611@riva.ucam.org>

Colin Watson wrote:
> On Sat, Oct 02, 2004 at 02:59:13PM +0200, Noèl Köthe wrote:
> > wget <= 1.9.1-4 (which is in sarge and frozen) had a security problem
> > (#261755) which is fixed in -6 and -7 (right now in incoming). -5 had
> > the first fixing patch but was not multibyte aware (#271931).
> > Jan Minar <jjminar fastmail.fm> wrote the fixing patches (Thanks!).
> > Upstream author doesn't respond to this and other things/mails since
> > weeks so right now he is MIA.:(
> 
>   <mdz> Kamion: I think it's silly
>   <mdz> Jan Minar has filed a bunch of similar bugs
>   <mdz> I'm waiting for the one against cat(1)
>   <mdz> where it will allow arbitrary characters to be displayed on the terminal
> 
> Is this really a security issue?

Since escape codes can turn the terminal into $whatever when displayed
without escaping them, the least problem is a reset or confused terminal.

Regards,

	Joey

-- 
No question is too silly to ask, but, of course, some are too silly
to answer.   -- Perl book

Reply to:

References:
- wget for sarge update
  - From: Noèl Köthe <noel@debian.org>
- Re: wget for sarge update
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: wget for sarge update
Next by Date: What's the status of the modutils RC bugs, anyone investigated it?
Previous by thread: Re: wget for sarge update
Next by thread: Re: wget for sarge update
Index(es):
- Date
- Thread