Your message dated Sat, 18 Mar 2017 15:19:50 +0000
with message-id <[email protected]>
and subject line Bug#857073: fixed in wget 1.19.1-2
has caused the Debian Bug report #857073,
regarding wget: CVE-2017-6508: CRLF injection in the url_parse function in url.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
857073: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wget
Version: 1.16-1
Severity: important
Tags: patch security upstream
Forwarded: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html

Hi,

the following vulnerability was published for wget.

CVE-2017-6508[0]:
| CRLF injection vulnerability in the url_parse function in url.c in Wget
| through 1.19.1 allows remote attackers to inject arbitrary HTTP headers
| via CRLF sequences in the host subcomponent of a URL.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6508
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6508
[1] http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
[2] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
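
The class of check the CVE description above calls for, as an added example (not wget's code and not the upstream patch): decode the host subcomponent, reject any control character, and only then build the Host header. The function names, the 256-byte buffer and the sample hosts are assumptions made for illustration, as is the premise that the client percent-decodes the host before using it.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical helper: percent-decode a URL host into out. Returns 0 on
   success, -1 on a malformed escape, an empty or oversized host, or any
   control character (CR, LF, NUL, ...) in the decoded bytes. */
int decode_host(const char *raw, char *out, size_t out_len)
{
    size_t n = 0;
    while (*raw) {
        unsigned int c = (unsigned char)*raw++;
        if (c == '%') {
            if (!isxdigit((unsigned char)raw[0]) ||
                !isxdigit((unsigned char)raw[1]))
                return -1;
            sscanf(raw, "%2x", &c);
            raw += 2;
        }
        if (c < 0x20 || c == 0x7f)   /* control byte: refuse the URL */
            return -1;
        if (n + 1 >= out_len)
            return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return n ? 0 : -1;
}

/* Build the Host header from a validated host only. Returns the header
   length, or -1 if the host was rejected or buf is too small. */
int build_host_header(const char *raw_host, char *buf, size_t buf_len)
{
    char host[256];
    if (decode_host(raw_host, host, sizeof host) != 0)
        return -1;
    int n = snprintf(buf, buf_len, "Host: %s\r\n", host);
    return (n < 0 || (size_t)n >= buf_len) ? -1 : n;
}

int main(void)
{
    /* Constructed sample hosts, not taken from the bug report. */
    const char *samples[] = { "example.com", "example.com%0d%0aX-Test:%201" };
    char buf[512];
    for (size_t i = 0; i < 2; i++)
        printf("%-32s -> %d\n", samples[i],
               build_host_header(samples[i], buf, sizeof buf));
    return 0;
}
```

The check runs on the decoded bytes, so a raw CR/LF and its percent-encoded form are rejected alike.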
--- Begin Message ---
Source: wget
Source-Version: 1.19.1-2

We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noël Köthe <[email protected]> (supplier of updated wget package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 18 Mar 2017 14:52:26 +0100
Source: wget
Binary: wget wget-udeb
Architecture: source amd64
Version: 1.19.1-2
Distribution: unstable
Urgency: medium
Maintainer: Noël Köthe <[email protected]>
Changed-By: Noël Köthe <[email protected]>
Description:
 wget       - retrieves files from the web
 wget-udeb  - retrieves files from the web (udeb)
Closes: 857073
Changes:
 wget (1.19.1-2) unstable; urgency=medium
 .
   * added upstream patch to fix CVE-2017-6508 closes: Bug#857073

--- End Message ---
