24 lines
1.1 KiB
Plaintext
24 lines
1.1 KiB
Plaintext
<patchinfo incident="11">
|
|
<!-- generated from request(s) 336343 -->
|
|
<issue tracker="bnc" id="1226419">VUL-0: CVE-2024-38428: wget: mishandles semicolons in the userinfo subcomponent of a URI</issue>
|
|
<issue tracker="cve" id="2024-38428"/>
|
|
<packager>vlefebvre</packager>
|
|
<rating>moderate</rating>
|
|
<category>security</category>
|
|
<summary>Security update for wget</summary>
|
|
<description>This update for wget fixes the following issues:
|
|
|
|
- CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419)
|
|
|
|
- Update to GNU wget 1.24.5:
|
|
* Fix how subdomain matches are checked for HSTS.
|
|
* Wget will now also parse the srcset attribute in <source> HTML tags
|
|
* Support reading fetchmail style "user" and "passwd" fields from netrc
|
|
* In some cases, prevent the confusing "Cannot write to... (success)" error messages
|
|
* Support extremely fast download speeds (TB/s)
|
|
* Ensure that CSS URLs are corectly quoted
|
|
* libproxy support is now upstream- drop wget-libproxy.patch
|
|
</description>
|
|
<package>wget</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |