Hi, On Thu, Apr 04, 2019 at 12:40:32PM +0200, Salvatore Bonaccorso wrote: > Source: wget > Version: 1.20.1-1 > Severity: important > Tags: security upstream fixed-upstream > > Hi, > > The following vulnerability was published for wget. > > CVE-2019-5953[0]: > Buffer overflow vulnerability > > It was mentioned in the 1.20.2 release, [1]. It might be related to > [2], but not sure as the references do not give much details. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-5953 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953 > [1] https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html > [2] > https://git.savannah.gnu.org/cgit/wget.git/commit/?id=5d87635c66aaa01bdf95f6b093b66c3d2768b696
Sorry, just to be clear, it is not confirmed that either 5d87635c66aaa01bdf95f6b093b66c3d2768b696 or maybe would be meant. CVE-2019-5953 is associated with a 'buffer overflow vulnerability' fixed in 1.20.2 but is without details so far. Regards, Salvatore