-
wget (1.11.4-2ubuntu1.2) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
- debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
- This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
- CVE-2010-2252
-- Marc Deslauriers <email address hidden> Wed, 01 Sep 2010 11:01:02 -0400
-
wget (1.11.4-2ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
- debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
NULL in the common-name in src/openssl.c.
- CVE-2009-3490
-- Marc Deslauriers <email address hidden> Mon, 05 Oct 2009 14:40:43 -0400
-
wget (1.11.4-2ubuntu1) jaunty; urgency=low
* Merge from Debian unstable (LP: #295181), Ubuntu remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
-- Pedro Fragoso <email address hidden> Wed, 05 Nov 2008 03:41:48 +0000
-
wget (1.11.4-1ubuntu1) intrepid; urgency=low
* Merge from Debian unstable (LP: #249277), Ubuntu remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
* Modify Maintainer value to match Debian-Maintainer-Field Spec
-- Pedro Fragoso <email address hidden> Tue, 01 Jul 2008 11:58:02 +0100
