CVE-2024-10524 was announced here: https://www.openwall.com/lists/oss-security/2024/11/18/6
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => wget-1.24.5-1.mga10.src.rpm, wget-1.21.4-1.1.mga9.src.rpm
CVE: (none) => CVE-2024-10524
Status comment: (none) => Fixed upstream in 1.25.0
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. (CVE-2024-10524)

References:
https://www.openwall.com/lists/oss-security/2024/11/18/6
========================

Updated package in core/updates_testing:
========================
wget-1.21.4-1.2.mga9

from SRPM:
wget-1.21.4-1.2.mga9.src.rpm
Source RPM: wget-1.24.5-1.mga10.src.rpm, wget-1.21.4-1.1.mga9.src.rpm => wget-1.21.4-1.1.mga9.src.rpm
Status comment: Fixed upstream in 1.25.0 => (none)
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
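One way for a calling application to stay clear of the pattern the advisory describes, as an added example (not code from wget, Mageia or anyone in this thread): always give wget a URL with an explicit scheme and pass user-supplied credentials through wget's `--user`/`--password` options instead of the URL. It assumes "shorthand URL" means a URL passed to wget without a scheme; the function name `wget_argv` and all hosts and credentials are hypothetical.

```python
import re
from urllib.parse import quote, urlsplit

ALLOWED_SCHEMES = {"https", "http", "ftp"}
# Conservative hostname pattern (assumption: DNS names only, no IP literals).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$"
)


def wget_argv(scheme, host, path, user, password):
    """Build a wget argv in which credentials never take part in URL parsing."""
    host = host.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {scheme!r}")
    if not HOST_RE.match(host):
        raise ValueError(f"invalid host: {host!r}")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in user + password):
        raise ValueError("control character in credentials")

    # Explicit scheme and no userinfo: the URL is never a shorthand URL,
    # and '@', ':', '?' or '#' in the path are percent-encoded.
    url = f"{scheme}://{host}/{quote(path.lstrip('/'), safe='/')}"

    # Re-parse and confirm the request can only target the intended host.
    parts = urlsplit(url)
    if parts.hostname != host or parts.username is not None:
        raise ValueError("URL does not point at the intended host")

    # --user/--password are wget options. argv is visible to other local
    # users, so a protected .wgetrc or --ask-password may be preferable.
    return ["wget", f"--user={user}", f"--password={password}", "--", url]


if __name__ == "__main__":
    # Constructed sample input: credentials containing URL delimiters.
    print(wget_argv("https", "files.example.org", "/pub/report.pdf",
                    "alice@corp:x/y", "p@ss:word"))
```

The argv list is meant for `subprocess.run(argv, check=True)` without a shell, so the credential strings are not reinterpreted on the way to wget.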
Thank you Nicolas for already updating wget to v1.25.0; and the advisory. As it is already in M9 core/updates_testing, assigning to QA.
Assignee: bugsquad => qa-bugs
mga9-64 OK here, used for drakrpm and company
CC: (none) => fri
Keywords: (none) => advisory
RH x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Nonfree 32bit Updates (distrib37)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing wget-1.21.4-1.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: wget ##################################################################################################
1/1: removing wget-1.21.4-1.1.mga9.x86_64
##################################################################################################

wget is set as downloader in drakrpm-editmedia

LC_ALL=C urpmi.update -a -ff --debug shows that it works
MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues.
Ref bug 30509 for testing.
Checked after the update the downloader in MCC is wget, checked the /etc/urpmi/urpmi.cfg file.
Then

# urpmi.update Core\ Updates
medium "Core Updates (distrib3)" is up-to-date
https://ftp.belnet.be/mirror/mageia/mageia/distrib/9/x86_64/media/debug/core/updates/media_info/20241120-171125-synthesis.hdlist.cz
updated medium "Core Updates Debug (distrib4)"
https://ftp.belnet.be/mirror/mageia/mageia/distrib/9/x86_64/media/core/updates_testing/media_info/20241121-170206-synthesis.hdlist.cz
updated medium "Core Updates Testing (distrib5)"
https://ftp.belnet.be/mirror/mageia/mageia/distrib/9/x86_64/media/debug/core/updates_testing/media_info/20241121-170246-synthesis.hdlist.cz
updated medium "Core Updates Testing Debug (distrib6)"

OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
MGA9-64 wget working from command line.
CC: (none) => brtians1
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0378.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED