From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-return-29226-listarch-cygwin-apps=sources.redhat.com@cygwin.com>
Received: (qmail 25754 invoked by alias); 17 Oct 2011 21:45:22 -0000
Received: (qmail 25743 invoked by uid 22791); 17 Oct 2011 21:45:21 -0000
X-SWARE-Spam-Status: No, hits=-7.1 required=5.0	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 17 Oct 2011 21:45:06 +0000
Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25])	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p9HLj6wk019128	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)	for <cygwin-apps@cygwin.com>; Mon, 17 Oct 2011 17:45:06 -0400
Received: from [10.3.113.158] (ovpn-113-158.phx2.redhat.com [10.3.113.158])	by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p9HLj510002601	for <cygwin-apps@cygwin.com>; Mon, 17 Oct 2011 17:45:05 -0400
Message-ID: <4E9CA1E1.1060708@redhat.com>
Date: Mon, 17 Oct 2011 21:45:00 -0000
From: Eric Blake <eblake@redhat.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110928 Fedora/3.1.15-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.4 Thunderbird/3.1.15
MIME-Version: 1.0
To: cygwin-apps@cygwin.com
Subject: Re: SECURITY: wget
References: <1318788264.7624.3.camel@YAAKOV04>
In-Reply-To: <1318788264.7624.3.camel@YAAKOV04>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-apps-owner@cygwin.com
List-Id: <cygwin-apps.cygwin.com>
List-Subscribe: <mailto:cygwin-apps-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-help@cygwin.com>, <http://sourceware.org/lists.html#faqs>
Mail-Followup-To: cygwin-apps@cygwin.com
X-SW-Source: 2011-10/txt/msg00042.txt.bz2

On 10/16/2011 12:04 PM, Yaakov (Cygwin/X) wrote:
> Eric,
>
> wget-1.12 is vulnerable to CVE-2010-2252; please update to the latest
> upstream release (1.13.4) to fix.  While you're at it, may I suggest
> adding the attached patch to fix the documented location of wgetrc.

Thanks for the heads-up.

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org