ubuntu/+source/wget:applied/ubuntu/zesty-updates

Last commit made on 2017-10-26
Get this branch:
git clone -b applied/ubuntu/zesty-updates https://git.launchpad.net/ubuntu/+source/wget
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/zesty-updates
Repository: lp:ubuntu/+source/wget

Recent commits

fd89e09... by Marc Deslauriers on 2017-10-23

Import patches-applied version 1.18-2ubuntu1.1 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 346aea6ddca8c25e9a57fc854aaccb5c52b683a3
Unapplied parent: 4a3b336cb35238983dc96489621f2cd1a1ee59d9

New changelog entries:
  * SECURITY UPDATE: race condition leading to access list bypass
    - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
    - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
      src/http.c.
    - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
      src/http.c.
    - CVE-2016-7098
  * SECURITY UPDATE: CRLF injection in url_parse
    - debian/patches/CVE-2017-6508.patch: check for invalid control
      characters in src/url.c.
    - CVE-2017-6508
  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

4a3b336... by Marc Deslauriers on 2017-10-23

[PATCH 2/2] Fix heap overflow in HTTP protocol handling

Gbp-Pq: CVE-2017-13090.patch.

68a8650... by Marc Deslauriers on 2017-10-23

[PATCH 1/2] Fix stack overflow in HTTP protocol handling

Gbp-Pq: CVE-2017-13089.patch.

1ffb123... by Marc Deslauriers on 2017-10-23

CVE-2017-6508.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6508.patch.

a636631... by Marc Deslauriers on 2017-10-23

* src/http.c (check_file_output): Replace asprintf by aprint

Gbp-Pq: CVE-2016-7098-3.patch.

3e29b27... by Marc Deslauriers on 2017-10-23

Append .tmp to temporary files

Gbp-Pq: CVE-2016-7098-2.patch.

c87b5fc... by Marc Deslauriers on 2017-10-23

Limit file mode to u=rw on temp. downloaded files

Gbp-Pq: CVE-2016-7098-1.patch.

204dc66... by Marc Deslauriers on 2017-10-23

properly detect SSLv3 being disabled on Ubuntu because the

Gbp-Pq: disable-SSLv3.patch.

30ef34e... by Marc Deslauriers on 2017-10-23

wget-openssl1.1.0.patch

No DEP3 Subject or Description header found

Gbp-Pq: wget-openssl1.1.0.patch.

310e75a... by Marc Deslauriers on 2017-10-23

wget-doc-CRLs.patch

No DEP3 Subject or Description header found

Gbp-Pq: wget-doc-CRLs.patch.