Read and respond to this message at: https://sourceforge.net/forum/message.php?msg_id=3689115 By: nobody
Hello! On 2005-10-14, the moderately critical advisory CVE-2005-3185 noted a vulnerability in the NTLM HTTP authentication in wget version 1.10.1: http://secunia.com/advisories/17192/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3185 The suggested solution was to upgrade to v1.10.2, which has the fix to this buffer overflow. I compared the GNU sources of wget v1.10.1 and v1.10.2 from here http://ftp.gnu.org/pub/gnu/wget/ And the only changes are a two-line fix to http-ntlm.c to check the buffer, and a very small change to SSL behavior. Since the changes are minor and the latest GnuWin32 build of wget on sourceforge is still the vulnerable 1.10.1 version (2005-08-20) https://sourceforge.net/project/showfiles.php?group_id=23617&package_id=16430 I wonder if the new version might be packaged and upped to sourceforge? ______________________________________________________________________ You are receiving this email because you elected to monitor this forum. To stop monitoring this forum, login to SourceForge.net and visit: https://sourceforge.net/forum/unmonitor.php?forum_id=74807 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ GnuWin32-Users mailing list GnuWin32-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gnuwin32-users
