]> sjero.net Git - wget/blobdiff - NEWS
projects / wget / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add NUL-character fix to NEWS file.
[wget] / NEWS
diff --git a/NEWS b/NEWS
index 559558e741397b0e4f01bf901f3fe792aeda7553..87bd21c07e55e3e242bb39bf4722e1332f548013 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
 
 ** Mailing list MOVED to bug-wget@gnu.org
 
+** SECURITY FIX: It had been possible to trick Wget into accepting
+SSL certificates that don't match the host name, through the trick of
+embedding NUL characters into the certs' common name.
+
 ** Added support for CSS. This includes:
      - Parsing links from CSS files, and from CSS content found in HTML
        style tags and attributes.
GNU Wget (from http://git.savannah.gnu.org/cgit/wget.git). Modified to allow selection of TCP source port. Clone using: git clone http://sjero.net/src/wget/ wget