Source: wget Version: 1.24.5-1 Severity: important Tags: security upstream Forwarded: https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 1.21.3-1 Control: found -1 1.21-1+deb11u1 Control: found -1 1.21-1
Hi, The following vulnerability was published for wget. CVE-2024-38428[0]: | url.c in GNU Wget through 1.24.5 mishandles semicolons in the | userinfo subcomponent of a URI, and thus there may be insecure | behavior in which data that was supposed to be in the userinfo | subcomponent is misinterpreted to be part of the host subcomponent. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-38428 https://www.cve.org/CVERecord?id=CVE-2024-38428 [1] https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html [2] https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace Regards, Salvatore
