Hello, FYI from wget:

Debian stable doesn't have this problem because NTLM is a new feature in wget 1.10 (http://svn.dotsrc.org/repo/wget/tags/WGET_1_10_1/NEWS see * Changes in Wget 1.10.) and sarge has 1.9.x. It is a problem in etch/sid. Until now no reaction from upstream.

On Wednesday, 12.10.2005 at 16:15 -0400, vendor-disclosure wrote:
> iDEFENSE has identified an NTLM Buffer Overflow Vulnerability in
> wget/curl. This vulnerability was submitted to iDEFENSE through our
> Vulnerability Contributor Program:
>
> http://www.idefense.com/poi/teams/vcp.jsp
>
> iDEFENSE Labs has validated this vulnerability and has drafted the
> attached advisory. In accordance with our vendor disclosure policy
>
> http://www.idefense.com/legal_disclosure.jsp
>
> We would request that you acknowledge receipt of this initial
> notification within five business days so that we may begin the process
> of coordinating an appropriate public disclosure date for this issue
> that will provide your company with adequate time to develop a patch or
> workaround to mitigate this vulnerability. If you have questions
> regarding this issue or require further details to assist with your own
> analysis, please do not hesitate to contact us.
>
> It is always our goal to coordinate on the public disclosure of
> patches/advisories as quickly as possible after a vulnerability is
> discovered. If however a reasonable timeframe cannot be agreed upon for
> this issue, it will be publicly released in 60 days on 12/12/2005.
> iDEFENSE is willing to work with a vendor to find a mutually agreeable
> release date beyond this timeframe so long as the vendor continues to
> make good faith efforts to produce patches in a timely fashion and
> regularly informs iDEFENSE of their progress in doing so.
>
> Please note that if the affected product is included within other
> applications and/or operating systems, iDEFENSE will not be coordinating
> disclosure of the vulnerability to affected third parties. We would ask
> that you handle this coordination separately.
>
> Regards,
> Michael Sutton
>
> Michael Sutton
> Director, iDEFENSE Labs
> iDEFENSE
> 1875 Campus Commons Drive, Suite 210
> Reston, VA 20191
> direct: 703.480.5628
> voice: 703.390.1230
> fax: 703.390.9456
> [EMAIL PROTECTED]
> www.idefense.com

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

