Your message dated Thu, 11 Apr 2019 08:36:39 +0000
with message-id <e1hevcj-000bgn...@fasolo.debian.org>
and subject line Bug#926389: fixed in wget 1.20.1-1.1
has caused the Debian Bug report #926389,
regarding wget: CVE-2019-5953
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
926389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wget
Version: 1.20.1-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
The following vulnerability was published for wget.
CVE-2019-5953[0]:
Buffer overflow vulnerability
It was mentioned in the 1.20.2 release, [1]. It might be related to
[2], but not sure as the references do not give much details.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953
[1] https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
[2]
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=5d87635c66aaa01bdf95f6b093b66c3d2768b696
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.20.1-1.1
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 926...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2019 15:36:38 +0200
Source: wget
Architecture: source
Version: 1.20.1-1.1
Distribution: unstable
Urgency: high
Maintainer: Noël Köthe <n...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 926389
Changes:
wget (1.20.1-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389)
Checksums-Sha1:
0d9569a779f484639a08f62523158c63b338a3a9 2092 wget_1.20.1-1.1.dsc
8750ca48611630f4c594a4ca3ab901826c379fbf 60872 wget_1.20.1-1.1.debian.tar.xz
Checksums-Sha256:
b193fdf37cc33955e366ae1fdb6df5425d13769d9e131c52382ae132ad931261 2092
wget_1.20.1-1.1.dsc
7eee4b6b9394a495888d1fc0db951c6b3bd883ca522a11df3433732dc116001e 60872
wget_1.20.1-1.1.debian.tar.xz
Files:
7a84dd8efb09001dcb9af1576b35992c 2092 web standard wget_1.20.1-1.1.dsc
e0ed66f143f4d81dd0f27a8f01a9c5c8 60872 web standard
wget_1.20.1-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlynWudfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Er6sP/1BW0FyfN8/E3RuJ+5kKLucSkF9GB73g
Gi04TFtGz2UfyqyVRv/p81eEsZ+Ps4cXzPFa2xODs6Qnn7DE5jSlX1xQzfUArkOt
SnwSpOBEwEeR0czoSJ3h9zwVtb0o61fG+nHLzRD0fyuMu77J8KtiiPQOiYvqfsFi
pbyzGibIU2hjB/TGyYlHS3IyZfPUVjhUlxOIMT5GJhwrfIAhVcmWyKzxjaLxqe7E
zffh2SWFzg2+jKRVsh1UInIWDfgcqTowBt+HlBbpKIarX3nOxS+QR3rz3ZSPoBDv
fdfv3rd86kk4SHw7rK/gZBhwJJNxnY2k89wzSBq3oIBbZ3WvXlnUGTBn5uxfAyQ8
6zaeLNh3d/KcrS6pK7+JE32DqfFHHOJ7MB0uwDQ7sDy5vWpawYm6X+JkMhiV2zet
jhZ9RXUbZ5UybxQKeXUlHKnVgpXGjPdbD2ICaicbgMo4Zv+nosz5FzZve1quwUXk
4I7/1rrSbhTeJzlE9/UbXbeDZbJji2QCV74NST3H08RowITeJgOwtptxrv9VQhM4
t2OIbcuBoeEBBUSldvakYKAQbRCcJYaCoFEuTsVs80kOl0hmJgmUKmCJj85TUmHU
KtRXD1xmgE2woyBRJCg91x3J2cT6GU3JSLod7OyWFboM0fc0FVF3yH7VEpyWbKLb
rI1AESkdAmxf
=MxK/
-----END PGP SIGNATURE-----
--- End Message ---
