Your message dated Sun, 06 May 2018 19:21:32 +0000
with message-id <[email protected]>
and subject line Bug#898076: fixed in wget 1.19.5-1
has caused the Debian Bug report #898076,
regarding wget: CVE-2018-0494: cookie injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
898076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898076
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wget
Version: 1.19.4-1
Severity: grave
Tags: patch security upstream fixed-upstream
Hi,
The following vulnerability was published for wget.
CVE-2018-0494[0]:
cookie injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494
[1]
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.19.5-1
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Noël Köthe <[email protected]> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 06 May 2018 20:44:40 +0200
Source: wget
Binary: wget wget-udeb
Architecture: source amd64
Version: 1.19.5-1
Distribution: unstable
Urgency: medium
Maintainer: Noël Köthe <[email protected]>
Changed-By: Noël Köthe <[email protected]>
Description:
wget - retrieves files from the web
wget-udeb - retrieves files from the web (udeb)
Closes: 898076
Changes:
wget (1.19.5-1) unstable; urgency=medium
.
* new upstream release from 2018-05-06
* includes a fix for CVE-2018-0494 closes: Bug#898076
Checksums-Sha1:
67c53ed6a63c14b8571cf244ee2705a439bd1d2a 2155 wget_1.19.5-1.dsc
43b3d09e786df9e8d7aa454095d4ea2d420ae41c 4455797 wget_1.19.5.orig.tar.gz
acdc05c52f1e15e88eef506d10dcfacfb6d1d09d 879 wget_1.19.5.orig.tar.gz.asc
cef6cc3b94b0c68809bc684019fc261baeb3bf34 60208 wget_1.19.5-1.debian.tar.xz
b6905111fecf7e3e563759d6d7c130406dec11d1 464476 wget-dbgsym_1.19.5-1_amd64.deb
79de3ba553017ce08c1a43c224a7ee52154324ff 148872 wget-udeb_1.19.5-1_amd64.udeb
09663fb76acb27e3bb758cb22731720dcb3a1137 7525 wget_1.19.5-1_amd64.buildinfo
8b7bd32e3daa5890b38b6d0b85481d56dcaec6ea 869316 wget_1.19.5-1_amd64.deb
Checksums-Sha256:
0171f759be8a7b460e4ee01e932a80dda40125780c73fba675be9959a0affe1e 2155
wget_1.19.5-1.dsc
b39212abe1a73f2b28f4c6cb223c738559caac91d6e416a6d91d4b9d55c9faee 4455797
wget_1.19.5.orig.tar.gz
f2058db1f155fc5564de797d11dc40f5fa721f35e36e02bf06332771db150ef7 879
wget_1.19.5.orig.tar.gz.asc
24e48282b093e87b1b90f5874ae7446386b13ffe61ad68e1681522f3576fd161 60208
wget_1.19.5-1.debian.tar.xz
c71fa6b044717d4971820a8218b22de1c6bbee38e558e9b42b7e85dcbf2eadb2 464476
wget-dbgsym_1.19.5-1_amd64.deb
396d8275be89d9387233662a87cd721b358a2167d93f69e4fc9ee117b18320b8 148872
wget-udeb_1.19.5-1_amd64.udeb
c83f7721e0bd455237d41f20520fa16aad637287a71506eca646fc5e7a221e55 7525
wget_1.19.5-1_amd64.buildinfo
6559cd5c53f631c755ed26351131527bb29b2fcfda5d975175be2a72a0a75b59 869316
wget_1.19.5-1_amd64.deb
Files:
1f42f43e02ab33230eaabbb9407b0a84 2155 web standard wget_1.19.5-1.dsc
2db6f03d655041f82eb64b8c8a1fa7da 4455797 web standard wget_1.19.5.orig.tar.gz
7939647e90819ed664eef433acbf06bd 879 web standard wget_1.19.5.orig.tar.gz.asc
3fdd45f809ccebff0484dbbc1b7f4042 60208 web standard wget_1.19.5-1.debian.tar.xz
4897ea8b4858ac979b797faf6286db4d 464476 debug optional
wget-dbgsym_1.19.5-1_amd64.deb
8f7b74c6e1ec55d0df53a045a5eed6da 148872 debian-installer optional
wget-udeb_1.19.5-1_amd64.udeb
5d6ecc6599bd9d9c8f131d9ee56805f0 7525 web standard
wget_1.19.5-1_amd64.buildinfo
ce55496bd6c4f4935720ba338f7611b9 869316 web standard wget_1.19.5-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEpF5AXAxsgPE/8VIXaMB4voj4DNoFAlrvUeIACgkQaMB4voj4
DNqxyhAAj8jbffDZsgft9jMhkHsMQ6pz7VOtCaiNV3hycZnYmPMFC8x9xDhgkD20
V3sgE4HKNErmeX5MnYd1MfKAw1bpyLvKc6uEZcydgmXT+awxF1k5T/nySPt+RBQ/
WvfmcRc5OrIIp+vS69LM5OIRs/xCauIGRL1dQ9UT8XRZynqmHxBI9hM6b9NuH8bv
dK9rnalRzftiC5Y5wUiomO+5WNnfojeeJn3+o+6j21UX/rMojgQU4LgzYRA4R9Hk
T55Zo8GPhE1YZeGt/3/c9FzuJtX5snwqoFmA+CgpkSlkKKjtPquI0PBZNjXDUtjV
jnqYsdniuhbUnG/yd5mnb/q8cfp2U+iWQjA37qFFm6SY3HbGkxOT13ceJp73u4Jj
DvTNilAY7vKI5F2nZooDBeBvgrd5VPb3HQvRFyBuWmbuPA2wsfuduIrEwq/VOZ+6
CZFAGnGtFlh35A4P7MvG9UzIzmGlM6fX70s151YwBpT12RXM+3gUTJxVU0xY/uSe
wIQOt4cMKIAaMAc4QzfNxmb8bv9Anv8lIwM9C5JV3nQkc7uP2pMGkGWNYBKG1Acw
4aLK9QThz2o0NFVfqGk3IvD1rNXRW5jWs6+3NXYCY0D8QI7N9JZ7zYDQBMNLNAOb
R7xku8O5LWW/9CnC+cFCRn65nZyH6p/Hj46tS73PtETRXYBg0wI=
=jg3O
-----END PGP SIGNATURE-----
--- End Message ---