On Wed, 2002-12-11 at 08:26, Daniel Stenberg wrote: > I find it mildly annoying that I have not seen this discussed or even > mentioned in here. > > Or am I just ignorant?
No, you aren't. See http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html ... wget (CVE: CAN-2002-1344) -------------------------- Note: notification and resolution of the wget issue was handled primarily through Mark Cox of Red Hat Linux, not the package maintainer. Sep 30, 2002 - wget issue discovered Sep 30, 2002 - notified Mark Cox (Red Hat) of wget issue Oct 1, 2002 - found wget absolute path issue Oct 2, 2002 - provided fake web server to Red Hat Oct 6, 2002 - notified wget developer ([EMAIL PROTECTED]) Nov 7, 2002 - inquiry by Red Hat on release status for wget; still haven't heard back from [EMAIL PROTECTED], need to consider other options Nov 25, 2002 - Red Hat notifies that wget patches are ready Dec 2, 2002 - notification to wget developer; new email address found by Red Hat; developer is mostly inactive Dec 9, 2002 - CVE ID acquired, sent to Red Hat ... A fixed package for Debian stable and unstable will follow today. -- Noch einen schönen Tag Noèl Köthe
