-
wget (1.15-1ubuntu1.14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-5953-*.patch: fix in
src/iri.c.
- CVE-2019-5953
-- <email address hidden> (Leonidas S. Barbosa) Mon, 08 Apr 2019 16:28:33 -0300
-
wget (1.15-1ubuntu1.14.04.4) trusty-security; urgency=medium
* SECURITY UPDATE: Cookie injection vulnerability
- debian/patches/CVE-2018-0494.patch: fix cooking injection
in src/http.c.
- CVE-2018-0494
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 May 2018 13:59:12 -0300
-
wget (1.15-1ubuntu1.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: race condition leading to access list bypass
- debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
- debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
src/http.c.
- debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
src/http.c.
- CVE-2016-7098
* SECURITY UPDATE: CRLF injection in url_parse
- debian/patches/CVE-2017-6508.patch: check for invalid control
characters in src/url.c.
- CVE-2017-6508
* SECURITY UPDATE: stack overflow in HTTP protocol handling
- debian/patches/CVE-2017-13089.patch: return error on negative chunk
size in src/http.c.
- CVE-2017-13089
* SECURITY UPDATE: heap overflow in HTTP protocol handling
- debian/patches/CVE-2017-13090.patch: stop processing on negative
chunk size in src/retr.c.
- CVE-2017-13090
-- Marc Deslauriers <email address hidden> Mon, 23 Oct 2017 15:39:58 -0400
-
wget (1.15-1ubuntu1.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: http to ftp redirect spoofed filenames
- debian/patches/CVE-2016-4971.patch: understand --trust-server-names
on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
- CVE-2016-4971
-- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 10:50:13 +0300
-
wget (1.15-1ubuntu1.14.04.1) trusty-security; urgency=medium
* SECURITY UPDATE: remote code execution via absolute path traversal
vulnerability in FTP
- debian/patches/CVE-2014-4877.patch: don't create local symlinks in
src/init.c, check for duplicate file nodes in src/ftp.c, updated
documentation in doc/wget.texi.
- CVE-2014-4877
-- Marc Deslauriers <email address hidden> Thu, 30 Oct 2014 10:02:13 -0400
-
wget (1.15-1ubuntu1) trusty; urgency=medium
[ Colin Watson ]
* Resynchronise with Debian. Remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget.
- Build-depend on libssl-dev 0.9.8k-7ubuntu4.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
[ Mark Russell ]
* debian/rules: build wget-udeb to install its binary as /usr/bin/wget
instead of /usr/bin/wget.gnu (LP: #1172101).
wget (1.15-1) unstable; urgency=medium
* new upstream release from 2014-01-19
Wget: fails with long file names in URLs Closes: #672131
Wget omits Host header for CONNECT Closes: #699337
Wget: Inaccurate catalan translation Closes: #697081
Cannot write to ... (Success) Closes: #716938
Regression: write error on wget -c for already fully retrieved file
Closes: #696700
wget: NTLM not supported Closes: #718262
wget --no-check-certificate does check certificate in certain conditions
Closes: #686837
* debian/control updated Standard-Version; no changes needed
wget (1.14.96.38327-2) experimental; urgency=low
* debian/rules fix configure option --with-libidn Closes: #728735
wget (1.14.96.38327-1) experimental; urgency=low
* 1.15 alpha version from 2013-11-02
- removed patches which are included now upstream:
wget-doc-fixitemx2item.patch
wget-doc-remove2.nv.patch
wget-doc-texi2pod_fixperl5.18change.patch
- included fixes for
Wget: fails with long file names in URLs Closes: #672131
Wget omits Host header for CONNECT Closes: #699337
Wget: Inaccurate catalan translation Closes: #697081
Cannot write to ... (Success) Closes: #716938
Regression: write error on wget -c for already fully retrieved file
Closes: #696700
wget: NTLM not supported Closes: #718262
wget --no-check-certificate does check certificate in certain conditions
Closes: #686837
* debian/control add Recommends ca-certificates to get
https URLs working. Closes: #712540
* debian/rules fix lintian warning dh-clean-k-is-deprecated
-- Colin Watson <email address hidden> Fri, 07 Feb 2014 17:42:45 +0000
-
wget (1.14-5ubuntu1) trusty; urgency=low
* Merge from Debian unstable, remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget.
- Build-depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build
with -Os and without libidn.
* Use dh_autotools-dev instead of custom config.{sub,guess} copy.
-- Adam Conrad <email address hidden> Tue, 10 Dec 2013 23:53:45 -0700
-
wget (1.14-2ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Depend on libssl-dev 0.9.8k-7ubuntu4
- Pass --with-ssl=openssl; we don't want to use gnutls, there's no udeb
for it.
- Add a second build pass for the udeb, so we can build without libidn.
- d/rules: Compile with -Os and disabling NLS/DEBUG in udeb to reduce
code size.
- d/rules: change backticks to $(shell ...) to fix FTBFS in sbuild
wget (1.14-2) unstable; urgency=low
* fix changed Texinfo 5 itemx vs item behaviour
with patch wget-doc-fixitemx2item.patch
closes: #711028
* remove second -nv in manpage wget-doc-remove2.nv.patch
closes: #704085
* debian/control updated Standards-Version, no changes needed
-- Oussama Bounaim <email address hidden> Thu, 18 Jul 2013 14:29:40 +0100
