[Secure-testing-team] Re: iDEFENSE Security Advisory [IDEF1202]
Multiple Vendor wget/curl NTLM Buffer Overflow Vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Thu Oct 13 13:08:19 UTC 2005
Noèl Köthe wrote:
> > >> this issue, it will be publicly released in 60 days on 12/12/2005.
> >
> > Unfortunately, <secure-testing-team at lists.alioth.debian.org> is a
> > public mailing list, so it's no longer possible to hide this issue.
>
> Its already public from the wget mailinglist from where I've got this
> info:
>
> http://www.mail-archive.com/wget%40sunsite.dk/msg08294.html
> or
> http://article.gmane.org/gmane.comp.web.wget.general/5064
>
> A fixed 1.10.2 was released already:
>
> http://www.mail-archive.com/wget%40sunsite.dk/msg08295.html
Thanks, I've filed a bug against curl with a proposed fix derived
from wget's 1.10.2 release. iDefense typically requests CVE assignments
for their advisories, so we don't need to do so ourselves.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list