-
wget (1.10.2-3ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
- debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
- This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
- CVE-2010-2252
-- Marc Deslauriers <email address hidden> Wed, 01 Sep 2010 11:20:17 -0400
-
wget (1.10.2-3ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
- debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
NULL in the common-name in src/openssl.c.
- CVE-2009-3490
-- Marc Deslauriers <email address hidden> Mon, 05 Oct 2009 14:56:22 -0400
-
wget (1.10.2-3ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Ubuntu Maintainer foobar.
wget (1.10.2-3) unstable; urgency=low
* Generate a POT file (thanks Martin)
(closes: Bug#376075)
* added missing -O2 optimization
(closes: Bug#415421)
* removed unneeded groff build-dep
(closes: Bug#399478)
* corrected lintian warning debian-rules-sets-DH_COMPAT
-- <email address hidden> (Fabio M. Di Nitto) Mon, 18 Jun 2007 10:20:55 +0200