[MacPorts] #45714: wget: CVE-2014-4877
MacPorts
noreply at macports.org
Fri Oct 31 11:31:27 PDT 2014
#45714: wget: CVE-2014-4877
----------------------+--------------------------
Reporter: cal@… | Owner: ryandesign@…
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.3.2
Keywords: security | Port: wget
----------------------+--------------------------
Wget until version 1.16 has a absolute path traversal vulnerability that
allows rogue FTP servers to write arbitrary files and thus execute
arbitrary commands.
See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4877.
It doesn't seem like upstream released a fixed version yet, but Ubuntu has
a patch in debian/patches/CVE-2014-4877.patch in
http://archive.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.15-1ubuntu1.14.04.1.debian.tar.gz.
--
Ticket URL: <https://trac.macports.org/ticket/45714>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list