Package: wget
Version: 1.25.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <[email protected]>

"wget https://payment-web.mercanet.bnpparibas.net/payment" does
a download without an error while the certificate has been revoked:

Indeed, Firefox says:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to
payment-web.mercanet.bnpparibas.net. If you visit this site, attackers
could try to steal information like your passwords, emails, or credit
card details.

Firefox blocked your visit to this site because the certificate
provided for payment-web.mercanet.bnpparibas.net has been revoked and
isn’t trusted anymore.
 
Error code: SEC_ERROR_REVOKED_CERTIFICATE

-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), 
(500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.16.3+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wget depends on:
ii  libc6           2.41-12
ii  libgnutls30t64  3.8.10-2
ii  libidn2-0       2.3.8-4
ii  libnettle8t64   3.10.1-1
ii  libpcre2-8-0    10.46-1
ii  libpsl5t64      0.21.2-1.1+b1
ii  libuuid1        2.41.1-2
ii  zlib1g          1:1.3.dfsg+really1.3.1-1+b1

Versions of packages wget recommends:
ii  ca-certificates  20250419

wget suggests no packages.

-- no debconf information

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
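
The report turns on the difference between validating a certificate chain and checking revocation. The following is an added example, not part of the original report and not wget or Debian code: it reproduces that difference offline with the `openssl` command-line tool (assumed installed). The CA, the name `demo.invalid` and every file are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway CA, one leaf certificate, revoked right after issue.
revocation_demo() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = .
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[ pol ]
commonName = supplied
EOF
    : > index.txt; echo 01 > serial
    {
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.pem
        openssl req -config ca.cnf -newkey rsa:2048 -nodes \
            -subj "/CN=demo.invalid" -keyout leaf.key -out leaf.csr
        openssl ca -batch -notext -config ca.cnf -in leaf.csr -out leaf.pem  # issue
        openssl ca -config ca.cnf -revoke leaf.pem                   # revoke
        openssl ca -config ca.cnf -gencrl -out ca.crl                # publish CRL
    } >/dev/null 2>&1 || exit 1
    # 1) Chain validation only: signature, validity period, trust anchor.
    openssl verify -CAfile ca.pem leaf.pem >/dev/null 2>&1 \
        && chain=accept || chain=reject
    # 2) Same validation, but with a revocation source (the CRL) consulted.
    openssl verify -CAfile ca.pem -crl_check -CRLfile ca.crl leaf.pem 2>&1 \
        | grep -q 'certificate revoked' && crl=revoked || crl=other
    cd / && rm -rf "$d"
    echo "chain-only:$chain crl-check:$crl"
)
```

The revoked certificate still has a valid signature and validity period, so it is rejected only when the verifier is given revocation data and told to consult it.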
