Short story: upgrade your packages (sudo apt-get update; sudo apt-get upgrade)
I understand that this project officially uses curl to pull stuff from the Internet, but I figure it would be useful to notify you guys of two vulnerabilities discovered with wget, which I know a significant number of people use. I use it from time to time, because it’s easy for just quickly fetching a file from the web.
Canonical says that an attacker could potentially view sensitive information using the vulnerability. I don’t think this vulnerability impacts the community very much, but don’t quote me on that.
There are two different CVE reports (whatever they’re called), with one being low priority, and one being medium:
Information:
https://usn.ubuntu.com/3943-1/
CVE-2019-5953
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5953.html
Debian: https://security-tracker.debian.org/tracker/CVE-2019-5953
Priority: Medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)
CVE-2018-20483
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20483.html
Debian: https://security-tracker.debian.org/tracker/CVE-2018-20483
Priority: Low
(low: “Open vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up.”)