Description: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007." See https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html. No reply from upstream though.
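The check the CVE description implies, as an added example that is not part of the original report or of wget's code: before re-sending an Authorization header on a redirect, compare the scheme, host and effective port of the two URLs. The struct and function names are hypothetical, the redirect target is assumed to be already resolved to an absolute URL, and the example.test URLs in the test are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

struct origin { char scheme[8]; char host[256]; long port; };

/* Case-insensitive equality: URL scheme and host are case-insensitive. */
static int ieq(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) a++, b++;
    return *a == *b;
}

/* Extract scheme, host and effective port from an absolute URL; 0 on success. */
static int parse_origin(const char *url, struct origin *o)
{
    const char *sep = strstr(url, "://");
    if (!sep || sep == url || (size_t)(sep - url) >= sizeof o->scheme) return -1;
    memcpy(o->scheme, url, (size_t)(sep - url));
    o->scheme[sep - url] = '\0';

    const char *host = sep + 3;
    const char *end = host + strcspn(host, "/?#");   /* end of authority */
    for (const char *p = host; p < end; p++)          /* skip user:pass@ */
        if (*p == '@') host = p + 1;

    const char *colon = NULL;                         /* port separator, if any */
    for (const char *p = end; p > host && p[-1] != ']'; p--)
        if (p[-1] == ':') { colon = p - 1; break; }

    size_t hlen = (size_t)((colon ? colon : end) - host);
    if (hlen == 0 || hlen >= sizeof o->host) return -1;
    memcpy(o->host, host, hlen);
    o->host[hlen] = '\0';

    if (colon && colon + 1 < end) o->port = strtol(colon + 1, NULL, 10);
    else o->port = ieq(o->scheme, "https") ? 443 : ieq(o->scheme, "http") ? 80 : -1;
    return o->port > 0 ? 0 : -1;
}

/* 1 if credentials sent to `from` may be re-sent to redirect target `to`.
   Fails closed: any URL that cannot be parsed is treated as cross-origin. */
int may_forward_authorization(const char *from, const char *to)
{
    struct origin a, b;
    if (parse_origin(from, &a) != 0 || parse_origin(to, &b) != 0) return 0;
    return ieq(a.scheme, b.scheme) && ieq(a.host, b.host) && a.port == b.port;
}
```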
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05f98b2284e04f5078b8b38238d6688f9c76414b

commit 05f98b2284e04f5078b8b38238d6688f9c76414b
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-04-29 19:40:38 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-04-29 19:41:01 +0000

    dev-util/samurai: Security revbump to fix null pointer dereference

    Removed old

    Bug: https://bugs.gentoo.org/786957
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 .../files/samurai-1.2-null_pointer_fix.patch | 26 ++++++++++++++++++++++
 .../{samurai-1.2.ebuild => samurai-1.2-r1.ebuild} | 4 ++++
 2 files changed, 30 insertions(+)
Sorry, wrong bug referenced :-(
Package list is empty or all packages have requested keywords.
https://github.com/flatcar-linux/portage-stable/commit/aecbf049b7776a38fd5ae55a06a779b58134e323 seems to indicate it was fixed in 1.21.2 but I don't see another source for this yet. I don't see a reference upstream.
Thanks, you are right. CVE-2021-31879 is indeed not fixed, according to https://savannah.gnu.org/bugs/?56909 . We will continue following the issue in the future, and try to address it correctly when there is news from the upstream wget.