Conectiva

Notified:  December 05, 2002 Updated: December 13, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Conectiva has published Conectiva Linux Security Announcement CLA-2002:552 to address this vulnerability. For more information, please see http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552

Debian

Notified:  December 05, 2002 Updated: December 13, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Debian has published Debian Security Advisory DSA-209-1 to address this vulnerability. For more information, please see http://www.debian.org/security/2002/dsa-209

Gentoo Linux

Notified:  December 20, 2002 Updated: December 31, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Gentoo Linux has published Security Announcement 200212-7 to address this vulnerability. For more information, please see http://forums.gentoo.org/viewtopic.php?t=27117

MandrakeSoft

Notified:  December 05, 2002 Updated: December 12, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

MandrakeSoft has published MandrakeSoft Security Advisory MDKSA-2002:086 to address this vulnerability. For more information, please see http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:086

Red Hat Inc.

Notified:  December 05, 2002 Updated: December 10, 2002

Status

  Vulnerable

Vendor Statement

Red Hat distributes wget with Red Hat Linux which is vulnerable to these issues. Updated versions of wget are available at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2002-229.html Red Hat Linux Advanced Server: http://rhn.redhat.com/errata/RHSA-2002-256.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trustix

Notified:  December 19, 2002 Updated: December 31, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Trustix Secure Linux has published Security Advisory #2002-0089 to address this vulnerability. For more information, please see http://www.trustix.net/errata/misc/2002/TSL-2002-0089-wget.asc.txt