-
wget (1.12-1.1ubuntu2.2) lucid-security; urgency=medium

  * SECURITY UPDATE: remote code execution via absolute path traversal
    vulnerability in FTP
    - debian/patches/CVE-2014-4877.dpatch: don't create local symlinks in
      src/init.c, check for duplicate file nodes in src/ftp.c, updated
      documentation in doc/wget.texi.
    - CVE-2014-4877

 -- Marc Deslauriers <email address hidden>  Thu, 30 Oct 2014 10:10:03 -0400
-
wget (1.12-1.1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
    - debian/patches/CVE-2010-2252.dpatch: don't use server names in
      doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
    - This update changes previous behaviour by ignoring the filename
      supplied by the server during redirects. To re-enable previous
      behaviour, see the new --trust-server-names option.
    - CVE-2010-2252

 -- Marc Deslauriers <email address hidden>  Tue, 31 Aug 2010 14:55:47 -0400
-
wget (1.12-1.1ubuntu2) lucid; urgency=low

  * Rebuild against libssl-dev 0.9.8k-7ubuntu4 to fix wget-udeb dependencies
    (LP: #503339).

 -- Colin Watson <email address hidden>  Tue, 05 Jan 2010 16:31:46 +0000
-
wget (1.12-1.1ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - Add wget-udeb to ship wget.gnu as alternative to busybox wget
      implementation.
  * Keep build dependencies in main:
    - debian/control: remove info2man build-dep
    - debian/patches/00list: disable wget-infopod_generated_manpage.dpatch

 -- Marc Deslauriers <email address hidden>  Sat, 12 Dec 2009 08:15:59 -0500
-
wget (1.11.4-2ubuntu2) karmic; urgency=low

  * SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
    - debian/patches/security-CVE-2009-3490.dpatch: make sure there is no
      NULL in the common-name in src/openssl.c.
    - CVE-2009-3490

 -- Marc Deslauriers <email address hidden>  Mon, 05 Oct 2009 14:32:57 -0400