Hi, On Thu, Apr 04, 2019 at 01:07:37PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Thu, Apr 04, 2019 at 12:40:32PM +0200, Salvatore Bonaccorso wrote: > > Source: wget > > Version: 1.20.1-1 > > Severity: important > > Tags: security upstream fixed-upstream > > > > Hi, > > > > The following vulnerability was published for wget. > > > > CVE-2019-5953[0]: > > Buffer overflow vulnerability > > > > It was mentioned in the 1.20.2 release, [1]. It might be related to > > [2], but not sure as the references do not give much details. > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2019-5953 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953 > > [1] https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html > > [2] > > https://git.savannah.gnu.org/cgit/wget.git/commit/?id=5d87635c66aaa01bdf95f6b093b66c3d2768b696 > > Sorry, just to be clear, it is not confirmed that either > 5d87635c66aaa01bdf95f6b093b66c3d2768b696 or maybe would be meant. > CVE-2019-5953 is associated with a 'buffer overflow vulnerability' > fixed in 1.20.2 but is without details so far.
Actually given https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a220ead43505bc3e0ea8efb1572919111dbbf6dc the real fix would be https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c and is only in 1.20.3 but not in 1.20.2. Regards, Salvatore
