update: net-misc/wget - Githubissues

flatcar / Flatcar

Flatcar project repository for issue tracking, project documentation, etc.

https://www.flatcar.org/

Apache License 2.0

689 stars 30 forks source link

update: net-misc/wget #1472

Closed tormath1 closed 2 months ago

tormath1 commented 3 months ago

Name: net-misc/wget CVEs: CVE-2024-38428 CVSSs: 9.1 Action Needed: upgrade to >= 1.24.5

Summary: url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

refmap.gentoo: https://bugs.gentoo.org/930041

dongsupark commented 2 months ago

Resolved by https://github.com/flatcar/scripts/pull/2070.