pretty-in-pink@??? wrote (13 Aug 2015 16:02:50 GMT) :
> Can you please follow this thread and update Wget for the next version of Tails?
> Topic: [Bug-wget] FTP PORT command code in v1.16.3?
> https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
> I haven't performed any sniffing attempts on my network, but apparently others have on theirs.
I've had a look, and indeed it seems that in the context of Tails this
could mean leaking the network adapter's IP address (i.e. most of the
case a RFC-1918 one, but let's not count on that) in packets at the
application layer.
Could you please check:
1. if this is worth a CVE ID
2. if the proposed patchset applies on top of Debian Wheezy's wget
?
Cheers,
--
intrigeri