Hi all, Sorry, I'm new here. May I ask a question in this list: There is a vulnerability issue with wget (see below pls.). Newest wget in opencsw is GNU Wget 1.16.3. Is it intended to release a fixed version of wget here soon?
Generally asked: Is there any process that ensures the fix of security issues in the opencsw project? ----------------------------------------------------------------------------------------- >From SB16-186: Vulnerability Summary for the Week of June 27, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology<http://www.nist.gov> (NIST) National Vulnerability Database<http://nvd.nist.gov> (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security<http://www.dhs.gov> (DHS) National Cybersecurity and Communications Integration Center<https://www.us-cert.gov/nccic> (NCCIC) / United States Computer Emergency Readiness Team<https://www.us-cert.gov> (US-CERT). For modified or updated entries, please visit the NVD<http://nvd.nist.gov>, which contains historical vulnerability information Vulnerability Summary for CVE-2016-4971 Original release date: 06/30/2016 Last revised: 07/01/2016 Source: US-CERT/NIST Overview GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. --------------------------------------------------------------------------------------------- TIA, Reinhard
