[ubuntu/dapper-security] wget (delayed), wget 1.10.2-1ubuntu1.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Sep 2 14:04:53 BST 2010
wget (1.10.2-1ubuntu1.2) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
- debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
- This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
- CVE-2010-2252
Date: Wed, 01 Sep 2010 11:40:38 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Noèl Köthe <noel at debian.org>
https://launchpad.net/ubuntu/dapper/+source/wget/1.10.2-1ubuntu1.2
-------------- next part --------------
Format: 1.7
Date: Wed, 01 Sep 2010 11:40:38 -0400
Source: wget
Binary: wget
Architecture: source
Version: 1.10.2-1ubuntu1.2
Distribution: dapper-security
Urgency: low
Maintainer: Noèl Köthe <noel at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
wget - retrieves files from the web
Changes:
wget (1.10.2-1ubuntu1.2) dapper-security; urgency=low
.
* SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
- debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
- This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
- CVE-2010-2252
Files:
d97a4c2c68465eace270b7e066218d20 636 web important wget_1.10.2-1ubuntu1.2.dsc
cf77f701f7a4e993600edad00efcb22b 15892 web important wget_1.10.2-1ubuntu1.2.diff.gz
More information about the dapper-changes
mailing list