ubuntu/+source/wget:ubuntu/xenial-security

Last commit made on 2019-04-09
Get this branch:
git clone -b ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/wget
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-security
Repository:
lp:ubuntu/+source/wget

Recent commits

8e01f0f... by Leonidas S. Barbosa on 2019-04-08

Import patches-unapplied version 1.17.1-1ubuntu1.5 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: e6bf254de199307870ab22b1182062d10dffe85b

New changelog entries:
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-5953-*.patch: fix in
      src/iri.c.
    - CVE-2019-5953

e6bf254... by Leonidas S. Barbosa on 2018-05-08

Import patches-unapplied version 1.17.1-1ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: cd4338f1183a20e5fdb4c4922b322b622866af6e

New changelog entries:
  * SECURITY UPDATE: Cookie injection vulnerability
    - debian/patches/CVE-2018-0494.patch: fix cooking injection
      in src/http.c.
    - CVE-2018-0494

cd4338f... by Marc Deslauriers on 2017-10-23

Import patches-unapplied version 1.17.1-1ubuntu1.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 935534b41b6f3ca04ab2a4e3978e843f0ee7f1e1

New changelog entries:
  * SECURITY UPDATE: race condition leading to access list bypass
    - debian/patches/CVE-2016-7098-1.patch: limit file mode in src/http.c.
    - debian/patches/CVE-2016-7098-2.patch: add .tmp to temp files in
      src/http.c.
    - debian/patches/CVE-2016-7098-3.patch: replace asprintf by aprint in
      src/http.c.
    - CVE-2016-7098
  * SECURITY UPDATE: CRLF injection in url_parse
    - debian/patches/CVE-2017-6508.patch: check for invalid control
      characters in src/url.c.
    - CVE-2017-6508
  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

935534b... by Chen-Han Hsiao (Stanley) on 2017-02-24

Import patches-unapplied version 1.17.1-1ubuntu1.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: a60e57cfaad3915a8aa077ea8826cf4500c79e72

New changelog entries:
  * debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
    upstream commited 7099f489 patch to fix segmentation fault (LP: #1573307)

a60e57c... by Marc Deslauriers on 2016-06-14

Import patches-unapplied version 1.17.1-1ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: e567de5bf9e2a7a3f8159f77a32d7d9900a2cc7b

New changelog entries:
  * SECURITY UPDATE: http to ftp redirect spoofed filenames
    - debian/patches/CVE-2016-4971.patch: understand --trust-server-names
      on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
    - CVE-2016-4971

e567de5... by Matthias Klose on 2016-01-08

Import patches-unapplied version 1.17.1-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: d17ecbda6ff906a4e4606e1ee8438d2befbe119b

New changelog entries:
  * Merge with Debian experimental, remaining changes:
    - Add wget-udeb to ship wget as alternative to busybox wget.
    - Build-Depend on libssl-dev instead of libgnutls28-dev.
    - Pass --with-ssl=openssl; there's no udeb for gnutls.
    - Add a second build pass for the udeb, so we can build with -Os and
      without libidn.
    - Use dh_autotools-dev instead of custom config.{sub,guess} copy.
    - Don't build with libpsl-dev, which is in universe.
  * Enable parallel builds.

d17ecbd... by Noël Köthe on 2015-12-13

Import patches-unapplied version 1.17.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4e4ef0caf0f0be9132e67cb9bb65ea807af9d105

New changelog entries:
  * new upstream relase from 2015-12-11
    - fixed segfault in strlen(). closes: #805673

4e4ef0c... by Noël Köthe on 2015-11-17

Import patches-unapplied version 1.17-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 55629e27279e5d659767c05b5a5dbe075c16c53f

New changelog entries:
  * new upstream relase from 2015-11-16
    - fixed IP address exposure in FTP code. closes: #799964
    - fixed not reacting on GNUTLS_E_REHANDSHAKE closes: #797057
    - make --convert-links messages more clear closes: #633703

55629e2... by Noël Köthe on 2015-06-20

Import patches-unapplied version 1.16.3-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ff5d93711c4034769ee86e5c9d8ecfa1a65fdb04

New changelog entries:
  * changed libgnutls28-dev dependency to a versioned one to fix
    libnettle transition in gnutls. closes: #787942

ff5d937... by Noël Köthe on 2015-03-19

Import patches-unapplied version 1.16.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 725d9697856675f58d8144b3f397022c0b19cd5b

New changelog entries:
  * upload to unstable
    Closing bugs from the experimental uploads since 1.16-1
    Closes: #779519, #144076, #768110, #745836, #772020, #767283