Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 14 Aug 2016 21:24:49 +0200
From: Tim Rühsen <tim.ruehsen@....de>
To: bug-wget@....org
Cc: "Misra, Deapesh" <dmisra@...isign.com>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, "dawid@...alhackers.com" <dawid@...alhackers.com>
Subject: Re: [Bug-wget] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability

Hi,

here is a patch to limit the file modes to u+rw for temp. downloaded files.

Not sure if your proof of concept still works or not - but it seems a good 
thing anyways.

Regards, Tim

View attachment "0001-Limit-file-mode-to-u-rw-on-temp.-downloaded-files.patch" of type "text/x-patch" (1811 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ