Your message dated Sat, 18 Mar 2017 16:07:57 +0000
with message-id <[email protected]>
and subject line Bug#857073: fixed in wget 1.18-5
has caused the Debian Bug report #857073,
regarding wget: CVE-2017-6508: CRLF injection in the url_parse function in url.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
857073: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wget
Version: 1.16-1
Severity: important
Tags: patch security upstream
Forwarded: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Hi,
the following vulnerability was published for wget.
CVE-2017-6508[0]:
| CRLF injection vulnerability in the url_parse function in url.c in Wget
| through 1.19.1 allows remote attackers to inject arbitrary HTTP headers
| via CRLF sequences in the host subcomponent of a URL.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6508
[1] http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
[2] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.18-5
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Noël Köthe <[email protected]> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Mar 2017 15:12:55 +0100
Source: wget
Binary: wget wget-udeb
Architecture: source amd64
Version: 1.18-5
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Noël Köthe <[email protected]>
Changed-By: Noël Köthe <[email protected]>
Description:
wget - retrieves files from the web
wget-udeb - retrieves files from the web (udeb)
Closes: 857073
Changes:
wget (1.18-5) testing-proposed-updates; urgency=medium
.
* applied upstream patch to fix CVE-2017-6508 closes: Bug#857073
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---