[ubuntu/hardy-security] wget_1.10.2-3ubuntu1.2_i386_translations.tar.gz, wget_1.10.2-3ubuntu1.2_amd64_translations.tar.gz, wget_1.10.2-3ubuntu1.2_ia64_translations.tar.gz, wget_1.10.2-3ubuntu1.2_sparc_translations.tar.gz (delayed), wget, wget_1.10.2-3ubuntu1.2_powerpc_translations.tar.gz, wget_1.10.2-3ubuntu1.2_hppa_translations.tar.gz, wget_1.10.2-3ubuntu1.2_lpia_translations.tar.gz 1.10.2-3ubuntu1.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Sep 2 14:04:47 BST 2010


wget (1.10.2-3ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
    - debian/patches/CVE-2010-2252.dpatch: don't use server names in
      doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
    - This update changes previous behaviour by ignoring the filename
      supplied by the server during redirects. To re-enable previous
      behaviour, see the new --trust-server-names option.
    - CVE-2010-2252

Date: Wed, 01 Sep 2010 11:20:17 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/wget/1.10.2-3ubuntu1.2
-------------- next part --------------
Format: 1.7
Date: Wed, 01 Sep 2010 11:20:17 -0400
Source: wget
Binary: wget wget-udeb
Architecture: source
Version: 1.10.2-3ubuntu1.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 wget       - retrieves files from the web
 wget-udeb  - retrieves files from the web
Changes: 
 wget (1.10.2-3ubuntu1.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
     - debian/patches/CVE-2010-2252.dpatch: don't use server names in
       doc/wget.texi, src/{http.c,init.c,main.c,options.h,retr.*}.
     - This update changes previous behaviour by ignoring the filename
       supplied by the server during redirects. To re-enable previous
       behaviour, see the new --trust-server-names option.
     - CVE-2010-2252
Files: 
 7789909434c005ca0a74ddf4987405ca 725 web important wget_1.10.2-3ubuntu1.2.dsc
 808bbaa03c0ddbc392de9e156e44d70f 170652 web important wget_1.10.2-3ubuntu1.2.diff.gz
Original-Maintainer: Noèl Köthe <noel at debian.org>


More information about the Hardy-changes mailing list