Your message dated Sun, 13 May 2018 20:53:18 +0000
with message-id <e1fhxza-000fqy...@fasolo.debian.org>
and subject line Bug#898076: fixed in wget 1.16-1+deb8u5
has caused the Debian Bug report #898076,
regarding wget: CVE-2018-0494: cookie injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
898076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wget
Version: 1.19.4-1
Severity: grave
Tags: patch security upstream fixed-upstream
Hi,
The following vulnerability was published for wget.
CVE-2018-0494[0]:
cookie injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494
[1]
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.16-1+deb8u5
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 898...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 06 May 2018 21:24:51 +0200
Source: wget
Binary: wget
Architecture: source
Version: 1.16-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Noël Köthe <n...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 898076
Description:
wget - retrieves files from the web
Changes:
wget (1.16-1+deb8u5) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cookie injection (CVE-2018-0494) (Closes: #898076)
Checksums-Sha1:
a0a2b72c4378cbe282e86488fa26b8cd9a108ba5 1938 wget_1.16-1+deb8u5.dsc
3d414aff4cd836a0f1f5ed35af8b900cd64f7eb9 23544 wget_1.16-1+deb8u5.debian.tar.xz
Checksums-Sha256:
7b899a289fafd193a3f37f53eb539583330f2235e16916d007d8cd6387022265 1938
wget_1.16-1+deb8u5.dsc
14427e02817a510a7e43828ef87842c93cecc37397ebbed450df61d1d8f303da 23544
wget_1.16-1+deb8u5.debian.tar.xz
Files:
419fe0b71ff73a89a1db3457998c6004 1938 web important wget_1.16-1+deb8u5.dsc
e639bd7bb1e6a4ce3a84df02f953adb7 23544 web important
wget_1.16-1+deb8u5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrvV35fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E27EP+wVd4n8B69fxFOCwNbDUefJFXKna9hDr
TMB3lYzg9IkTJHmJSKL7lFGYIutneYYgXHydAE52l8ucoqiTYJ6FxfJuJUhVHD+f
OrvfM3R95GtWbvPNMSVk28Nw0AfUm05hjsQo6uG52eIyVC/DX2YuUWD2VNlZOuzv
S5O1a8vy5KYC1UY3p5ASaVmZNFuHHikDqoSOB+YdKK2us87e+7chIydsm6pImGU+
Ok6wPRYioL9j5roUMPsZPcp9YwI0f/oWgLsfogVieL7pbG4ewDSlFC73OYl1N4/v
4yrZjz/gLzvGmfMb3Cgh7GIlSoNHTiRb6OR+UfouMZReRjpqM6auX2kNnViqUcf/
fWY7J8cVxefOoeka95DnDLmXJiQGOBvb2rkj2KoAgvNd7Qe70DUfKBZWMOZoBzk2
PQjDQB7jtmlS24LhMgdgO+y5rObEIS5ZzRgbxHebgYwowRoHY5LLEX2XmsVY/0Gh
1cRQNPcPgmTrfbnVFBH3jydp1eFomF6loCzP785mnQTC+RtX3AfFJgYhI74pczj/
bcP1iwJ6IaURgTgXyvUGVe7quBoGlokgvoNowbZMDiAXfpFsfEuga8/O3eIHVRkQ
sKhDsAz3ASgHEzWKCYLZnct61kDmVRvFKX2RAJ9dqTk0mFBQpPPBgrT9y8DipNIj
AGkh8I5YVUJ9
=TIgD
-----END PGP SIGNATURE-----
--- End Message ---
