-
wget (1.17.1-1ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-5953-*.patch: fix in
src/iri.c.
- CVE-2019-5953
-- <email address hidden> (Leonidas S. Barbosa) Mon, 08 Apr 2019 16:13:54 -0300
-
wget (1.17.1-1ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: Cookie injection vulnerability
- debian/patches/CVE-2018-0494.patch: fix cooking injection
in src/http.c.
- CVE-2018-0494
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 May 2018 14:00:12 -0300
-
wget (1.17.1-1ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: race condition leading to access list bypass
- debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
- debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
src/http.c.
- debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
src/http.c.
- CVE-2016-7098
* SECURITY UPDATE: CRLF injection in url_parse
- debian/patches/CVE-2017-6508.patch: check for invalid control
characters in src/url.c.
- CVE-2017-6508
* SECURITY UPDATE: stack overflow in HTTP protocol handling
- debian/patches/CVE-2017-13089.patch: return error on negative chunk
size in src/http.c.
- CVE-2017-13089
* SECURITY UPDATE: heap overflow in HTTP protocol handling
- debian/patches/CVE-2017-13090.patch: stop processing on negative
chunk size in src/retr.c.
- CVE-2017-13090
-- Marc Deslauriers <email address hidden> Mon, 23 Oct 2017 15:36:01 -0400
-
wget (1.17.1-1ubuntu1.2) xenial-proposed; urgency=medium
* debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
upstream commited 7099f489 patch to fix segmentation fault (LP: #1573307)
-- Chen-Han Hsiao (Stanley) <email address hidden> Fri, 24 Feb 2017 12:24:53 -0800
-
wget (1.17.1-1ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: http to ftp redirect spoofed filenames
- debian/patches/CVE-2016-4971.patch: understand --trust-server-names
on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
- CVE-2016-4971
-- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 10:36:24 +0300
-
wget (1.17.1-1ubuntu1) xenial; urgency=medium
* Merge with Debian experimental, remaining changes:
- Add wget-udeb to ship wget as alternative to busybox wget.
- Build-Depend on libssl-dev instead of libgnutls28-dev.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
- Don't build with libpsl-dev, which is in universe.
* Enable parallel builds.
wget (1.17.1-1) unstable; urgency=medium
* new upstream relase from 2015-12-11
- fixed segfault in strlen(). closes: #805673
wget (1.17-1) unstable; urgency=medium
* new upstream relase from 2015-11-16
- fixed IP address exposure in FTP code. closes: #799964
- fixed not reacting on GNUTLS_E_REHANDSHAKE closes: #797057
- make --convert-links messages more clear closes: #633703
wget (1.16.3-3) unstable; urgency=medium
* changed libgnutls28-dev dependency to a versioned one to fix
libnettle transition in gnutls. closes: #787942
wget (1.16.3-2) unstable; urgency=medium
* upload to unstable
Closing bugs from the experimental uploads since 1.16-1
Closes: #779519, #144076, #768110, #745836, #772020, #767283
wget (1.16.3-1) experimental; urgency=medium
* new upstream release from 2015-03-09 which fixes the --quiet regression
* debian/rules fix lintian error temporary-debhelper-file
wget (1.16.2-2) experimental; urgency=medium
* upstream patch to fix new bug in 1.16.2 where -q is not quiet anymore
main.c-Need-to-explicitly-disallow-show_progress-in-.patch
closes: #779519
wget (1.16.2-1) experimental; urgency=medium
* new upstream release from 2015-02-28 to experimental until jessie release
- Allow progress bar on stderr when -o is used. Closes: #144076
-- Matthias Klose <email address hidden> Fri, 08 Jan 2016 14:07:18 +0100
-
wget (1.16.1-1ubuntu1) vivid; urgency=medium
* Merge with Debian experimental, remaining changes:
- Add wget-udeb to ship wget as alternative to busybox wget.
- Build-Depend on libssl-dev instead of libgnutls28-dev.
- Pass --with-ssl=openssl; there's no udeb for gnutls.
- Add a second build pass for the udeb, so we can build with -Os and
without libidn.
- Use dh_autotools-dev instead of custom config.{sub,guess} copy.
- Don't build with libpsl-dev, which is in universe.
* Drop fix-openssl-implicit-decl-warning.patch, applied upstream.
-- Dmitry Shachnev <email address hidden> Tue, 13 Jan 2015 17:51:26 +0300
