3 matches found
CLSA-2025-1762783856 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: mishandling of semicolons in userinfo - debian/patches/CVE-2024-38428.patch: properly re-implement userinfo parsing in src/url.c. - CVE-2024-38428...
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
...
OESA-2024-1756 wget security update
GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. Security Fixes: url.c in GNU Wg...