[ubuntu/lucid-security] wget_1.12-1.1ubuntu2.1_i386_translations.tar.gz, wget_1.12-1.1ubuntu2.1_powerpc_translations.tar.gz, wget_1.12-1.1ubuntu2.1_sparc_translations.tar.gz (delayed), wget_1.12-1.1ubuntu2.1_amd64_translations.tar.gz, wget_1.12-1.1ubuntu2.1_armel_translations.tar.gz, wget, wget_1.12-1.1ubuntu2.1_ia64_translations.tar.gz 1.12-1.1ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Sep 2 14:03:47 BST 2010 

wget (1.12-1.1ubuntu2.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
    - debian/patches/CVE-2010-2252.dpatch: don't use server names in
      doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
    - This update changes previous behaviour by ignoring the filename
      supplied by the server during redirects. To re-enable previous
      behaviour, see the new --trust-server-names option.
    - CVE-2010-2252

Date: Tue, 31 Aug 2010 14:55:47 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/wget/1.12-1.1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Tue, 31 Aug 2010 14:55:47 -0400
Source: wget
Binary: wget wget-udeb
Architecture: source
Version: 1.12-1.1ubuntu2.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 wget       - retrieves files from the web
 wget-udeb  - retrieves files from the web (udeb)
Changes: 
 wget (1.12-1.1ubuntu2.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
     - debian/patches/CVE-2010-2252.dpatch: don't use server names in
       doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
     - This update changes previous behaviour by ignoring the filename
       supplied by the server during redirects. To re-enable previous
       behaviour, see the new --trust-server-names option.
     - CVE-2010-2252
Checksums-Sha1: 
 31d81be0aa63d9d62a7efaa8ab87a9cab22874be 1160 wget_1.12-1.1ubuntu2.1.dsc
 fc6e98c48ec70464b34fd4f45cc591335df2f9aa 40454 wget_1.12-1.1ubuntu2.1.diff.gz
Checksums-Sha256: 
 c8fd2c9ebb49f8160859312de4e83892d2bc02c906caccf2c11f9a952c9f90f2 1160 wget_1.12-1.1ubuntu2.1.dsc
 76776034706db5f057de119fa5526c652cf63d36e6afd44f62b6ebc359ab3123 40454 wget_1.12-1.1ubuntu2.1.diff.gz
Files: 
 d4178e19150826c6c1101b16a67cfc67 1160 web important wget_1.12-1.1ubuntu2.1.dsc
 0d331ab6957f872485bbe36a52bcbfd2 40454 web important wget_1.12-1.1ubuntu2.1.diff.gz
Original-Maintainer: Noèl Köthe <noel at debian.org>

More information about the Lucid-changes mailing list