Your message dated Sun, 13 May 2018 20:51:09 +0000
with message-id <[email protected]>
and subject line Bug#898076: fixed in wget 1.18-5+deb9u2
has caused the Debian Bug report #898076,
regarding wget: CVE-2018-0494: cookie injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
898076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898076
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wget
Version: 1.19.4-1
Severity: grave
Tags: patch security upstream fixed-upstream
Hi,
The following vulnerability was published for wget.
CVE-2018-0494[0]:
cookie injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494
[1]
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wget
Source-Version: 1.18-5+deb9u2
We believe that the bug you reported is fixed in the latest version of
wget, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated wget package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 06 May 2018 21:08:15 +0200
Source: wget
Binary: wget wget-udeb
Architecture: source
Version: 1.18-5+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Noël Köthe <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 898076
Description:
wget - retrieves files from the web
wget-udeb - retrieves files from the web (udeb)
Changes:
wget (1.18-5+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cookie injection (CVE-2018-0494) (Closes: #898076)
Checksums-Sha1:
e583bd9815eb30b794a36bdd7a63503a2af639b6 2085 wget_1.18-5+deb9u2.dsc
cf9db92ff7cccd07353f0fc330dd7a1653b1e335 23308 wget_1.18-5+deb9u2.debian.tar.xz
Checksums-Sha256:
613256e709fb78230402013e0f30c6cd9dfa441a3c705c96a6ecd419c5adde8a 2085
wget_1.18-5+deb9u2.dsc
8d98535e4062442c1eb0bcdb557551ee64323f09352528f741afd20ed81b09b1 23308
wget_1.18-5+deb9u2.debian.tar.xz
Files:
95cd20d45d7e087c88ff1b60635363ae 2085 web important wget_1.18-5+deb9u2.dsc
f562c4458ea3aa9213de3608db60f792 23308 web important
wget_1.18-5+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrvVRBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E9hgP/1CvC7g3BfYlQTiEuiutYLrx8dhYu0AC
AjBZxaUXqBKNf/TZ5a4gCXF8W2EKdBu/zw9dG3tGvVicJz2dom6bbaOMjt78B8KO
AhbV1Zew/0EkYhYJvLDoklE4wpIKCTLEBT2BT2Jicv0zIl6k9dUuIbgNZZHG4Q2K
RuC1rSKGbZLUiMIMAclbSCyDmF5H/4aVQc/NGr9C/TldWRRqG6a/g16eZ/TKkEXh
ouaMAbyj3gGh/evggCNG40qGdS81gC9MYGMLOQObpzWNMiVw4xtzRP9J3boUzK63
Rx+wg4sflfvUIyXe1D8zDmQcupm3mC3bwh2lypns5oH7phQPU+r5SG8ZvJ9bQeLz
VJ/niCPUwkk5u2EDvTsfSS0a5cnJMCBV9oHfAm+S6REIhQkLL1MMT6wwlQ6I1uQ9
97JJBElN1yWDReygsMSVq8qPd4mKMmMyC5LVCR3OxSMNjFGi4Pryi8bM9TyCGcLR
yzigR1p/rd9ytxkFN9igyCA1GPaq/4NQJjIPMJnRFcyjzIMknX2pmYsYlc6D3N3z
oTostbfAm4x4ikjARUyFPIV9uzQ/q+GTVUgg4CRIIz/3q9emIkKFN6fR4eW1x/pT
a3kSyJUrHWAyB3lUnZfqpRHMgHOxWAEec4Q1lcJeZmOLkv6BJWwNip0SxdYa39nJ
8u+c9Zv9r+ir
=l5Zj
-----END PGP SIGNATURE-----
--- End Message ---