Your message dated Wed, 05 Nov 2014 16:13:34 +0000
with message-id <[email protected]>
and subject line Bug#767283: fixed in wget 1.16-2
has caused the Debian Bug report #767283,
regarding wget manpage doesn't warn that certificate revocation lists are not
checked
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
767283: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767283
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wget
Version: 1.15-1
Severity: grave
Tags: security
Justification: user security hole
Certificate revocation is not checked: wget downloads
https://www.cloudflarechallenge.com/
without any warning or error, contrary to Firefox (and to Chromium
when the CRLSet is up-to-date).
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wget depends on:
ii libc6 2.18-4
ii libgnutls28 3.2.13-2
ii libidn11 1.28-2
ii libnettle4 2.7.1-2
ii libuuid1 2.20.1-5.7
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages wget recommends:
ii ca-certificates 20140325
wget suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.16-2
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Noël Köthe <[email protected]> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 05 Nov 2014 12:15:02 +0100
Source: wget
Binary: wget
Architecture: source amd64
Version: 1.16-2
Distribution: unstable
Urgency: medium
Maintainer: Noël Köthe <[email protected]>
Changed-By: Noël Köthe <[email protected]>
Description:
wget - retrieves files from the web
Closes: 767283 768110
Changes:
wget (1.16-2) unstable; urgency=medium
.
* debian/changelog mention CVE-2014-4877 in 1.16-1
* debian/patches/wget-progressbar.patch upstream committed patch
76f6fe22 to fix progressbar. Closes: #768110
* debian/patches/wget-doc-CRLs.patch document that CRLs are not checked.
Closes: #767283
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---