Your message dated Sun, 14 Apr 2019 10:33:17 +0000
with message-id <e1hfcrp-000btd...@fasolo.debian.org>
and subject line Bug#926389: fixed in wget 1.18-5+deb9u3
has caused the Debian Bug report #926389,
regarding wget: CVE-2019-5953
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
926389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wget
Version: 1.20.1-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
The following vulnerability was published for wget.
CVE-2019-5953[0]:
Buffer overflow vulnerability
It was mentioned in the 1.20.2 release, [1]. It might be related to
[2], but not sure as the references do not give much details.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-5953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953
[1] https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
[2]
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=5d87635c66aaa01bdf95f6b093b66c3d2768b696
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.18-5+deb9u3
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 926...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2019 15:05:06 +0200
Source: wget
Architecture: source
Version: 1.18-5+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Noël Köthe <n...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 926389
Changes:
wget (1.18-5+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389)
Checksums-Sha1:
2bf174b06cc0425f97479aa05546948465db1d94 2085 wget_1.18-5+deb9u3.dsc
d0993735e38ee05a74f52c7ab7166bdc58b33e78 23672 wget_1.18-5+deb9u3.debian.tar.xz
Checksums-Sha256:
0ffd4ef70f0e0c919fd60aa0135ca4b920ebaa9793935dd3a615103f7d209525 2085
wget_1.18-5+deb9u3.dsc
da643e00461f2a4451256ec2547a3c2d9d3c9819f3657e459d6cbdaa6c5390ad 23672
wget_1.18-5+deb9u3.debian.tar.xz
Files:
ded18cd2cff5ca6cdbddef8379be6b6d 2085 web important wget_1.18-5+deb9u3.dsc
8b6c1a8d16fd9cf9bc2123c90dc32dcb 23672 web important
wget_1.18-5+deb9u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlynU35fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EYX0P/0MOqPIEsC8YYfhVVATg0vJ/XxM53igA
JnGJtw9QplSM9QnsxL7Df+J8wA/DutAyqbRuYQ+XLLEAqW2r12wn7zF3dKtSOMjk
7ysCz6pAxR5iu6vJN+5ftAoZ55maL0RntZMi4wG5zQKZFvN2Itv5HZEP+ub4bxL2
jovSpW0yU+vwIP3y0hWb0zSj3BcDN2p4Wcxw3e1arr2JPCMh6iZ/5Ho2ZuQXhmZR
/jITyQAbhjFRuGVoo540Grlkx6yVYtg5BmrVliFcRVPcFNhJ48nSh0HlUqOzRPol
oORIMI/xQpajby1B0vypYtGej0Gwa1yAcHGfvq5GpsF5xZKsPqhsxA+1qihfiXBV
ZvZ5WAbZeF2iFKGSMwMrxlOCafl7Hzoa8FNSanlvC0Uiu3ZuQuIyVl2xvxjTXQKJ
sX3ZHr7x9KjLxh/oTpSRFvxDx0kPokR3y4D7R+TJDFjSaUGn95AT9/mx8HmyujcK
57NkFliQb8hY3a7qUXRTgu8D3/9y8U1VsOCL1fz3+GB9efr6pJ4uAe3ymi7Sm/OM
ZZ+KYaVOgWHdBOK2GT3Y7nrkZNznIO/fEUvM1ETBMScttSHEHlDoLIRhy0Kh3WpP
C8vgU6crD0gS2CbGL5gqQCy7eF2Y4PP72+Eg9tfbbpKoi3M8A5Ux2gHEH7jbRiLF
c5UIp8/ti755
=ldp6
-----END PGP SIGNATURE-----
--- End Message ---
