Please merge wget 1.12-2.1 (main) from debian unstable (main)

Bug #403070 reported by Bhavani Shankar
Affects: wget (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: wget

wget (1.12-2.1) unstable; urgency=high

   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-2252: use of server provided file name might lead to
     overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
     Security team (Closes: #590296)

 -- Giuseppe Iuculano <email address hidden> Sun, 05 Sep 2010 15:33:19 +0200

wget (1.12-2) unstable; urgency=low

   * acknowledge NMUs. Thanks for your work/help Matt and Anthony
     closes: #574185
   * debian/source/format switched to dpkg-source 3.0 (quilt) format

 -- Noèl Köthe <email address hidden> Fri, 09 Apr 2010 22:50:22 +0200

wget (1.12-1.2) unstable; urgency=low

   * Non-maintainer upload.
   * Revised po/zh_CN.po based on
     http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
     to correct mistranslation of " eta " etc. closes: Bug#570528
   * Revised po/de.po to remove extraneous doubled quote signs in German
     locale. closes: Bug#571704
   * debian/control updated Standards-Version to 3.8.4, no changes

 -- Anthony Fok <email address hidden> Wed, 17 Mar 2010 06:19:26 +0800

Tags: merge

Bhavani Shankar (bhavi) wrote :
Changed in wget (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Thank you for your work there. There is a new Debian revision; could you rebase on this one?

Changed in wget (Ubuntu):
importance: Undecided → Wishlist
Bhavani Shankar (bhavi) wrote :

updated debdiff

Bhavani Shankar (bhavi)
summary: - Please merge wget 1.11.4-3(main) from debian unstable(main)
+ Please merge wget 1.11.4-4(main) from debian unstable(main)
tags: added: merge
description: updated
Michael Vogt (mvo) wrote : Re: Please merge wget 1.11.4-4(main) from debian unstable(main)

I just had a look at this package and the new wget in debian adds a "info2man" build dependency. This package is (currently) not in man, we will have to write a MIR report for it to get included.

Lorenzo De Liso (blackz) wrote :

Bhavani, are you going to merge the latest version from Debian unstable? If you're not working on this merge and you don't mind, I'd merge it. I talked to Marc Deslauriers and we agreed that I should merge the latest version of the wget package available in Debian unstable.

Bhavani Shankar (bhavi) wrote :

Hey Lorenzo:

Please feel free to take it as you have followed it up and me working at this stage would be not nice :-)

Regards

Lorenzo De Liso (blackz) wrote :
summary: - Please merge wget 1.11.4-4(main) from debian unstable(main)
+ Please merge wget 1.12-2.1 (main) from debian unstable (main)
description: updated
Bhavani Shankar (bhavi) wrote :

Thanks Lorenzo for your work :-)

Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff. Uploading now.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wget - 1.12-2.1ubuntu1

---------------
wget (1.12-2.1ubuntu1) natty; urgency=low

  * Merge from debian unstable (LP: #403070), remaining changes:
    - Add wget-udeb to ship wget.gnu as alternative to busybox wget
      implementation.
    - Keep build dependencies in main:
      + debian/control: remove info2man build-dep
      + debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
    - Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
  * Dropped changes:
    - SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
      + debian/patches/CVE-2010-2252.dpatch: don't use server names in
        doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
      + This update changes previous behaviour by ignoring the filename
        supplied by the server during redirects. To re-enable previous
        behaviour, see the new --trust-server-names option.
      + CVE-2010-2252: fixed in debian

wget (1.12-2.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-2252: use of server provided file name might lead to
    overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
    Security team (Closes: #590296)

wget (1.12-2) unstable; urgency=low

  * acknowledge NMUs. Thanks for your work/help Matt and Anthony
    closes: #574185
  * debian/source/format switched to dpkg-source 3.0 (quilt) format

wget (1.12-1.2) unstable; urgency=low

  * Non-maintainer upload.
  * Revised po/zh_CN.po based on
    http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
    to correct mistranslation of " eta " etc. closes: Bug#570528
  * Revised po/de.po to remove extraneous doubled quote signs in German
    locale. closes: Bug#571704
  * debian/control updated Standards-Version to 3.8.4, no changes
 -- Lorenzo De Liso <email address hidden> Tue, 02 Nov 2010 15:17:29 +0100

Changed in wget (Ubuntu):
status: Confirmed → Fix Released