Re: [Tails-dev] [Bug-wget] Wget Sending Original IP !!

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: pretty-in-pink
CC: The Tails public development discussion list
Oggetto: Re: [Tails-dev] [Bug-wget] Wget Sending Original IP !!
pretty-in-pink@??? wrote (13 Aug 2015 16:02:50 GMT) :
> Can you please follow this thread and update Wget for the next version of Tails?


> Topic: [Bug-wget] FTP PORT command code in v1.16.3?


> https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html


> I haven't performed any sniffing attempts on my network, but apparently others have on theirs.


I've had a look, and indeed it seems that in the context of Tails this
could mean leaking the network adapter's IP address (i.e. most of the
case a RFC-1918 one, but let's not count on that) in packets at the
application layer.

Could you please check:

1. if this is worth a CVE ID
2. if the proposed patchset applies on top of Debian Wheezy's wget

?

Cheers,
--
intrigeri