[ubuntu/natty] wget 1.12-2.1ubuntu1 (Accepted)
Lorenzo De Liso
blackz at ubuntu.com
Wed Nov 3 18:30:30 GMT 2010
wget (1.12-2.1ubuntu1) natty; urgency=low
* Merge from debian unstable (LP: #403070), remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes:
- SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
+ debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
+ This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
+ CVE-2010-2252: fixed in debian
wget (1.12-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-2252: use of server provided file name might lead to
overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
Security team (Closes: #590296)
wget (1.12-2) unstable; urgency=low
* acknoledge NMUs. Thanks for your work/help Matt and Anthony
closes: #574185
* debian/source/format switched to dpkg-source 3.0 (quilt) format
wget (1.12-1.2) unstable; urgency=low
* Non-maintainer upload.
* Revised po/zh_CN.po based on
http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
to correct mistranslation of " eta " etc. closes: Bug#570528
* Revised po/de.po to removed extraneous doubled quote signs in German
locale. closes: Bug#571704
* debian/control updated Standards-Version to 3.8.4, no changes
Date: Tue, 02 Nov 2010 15:17:29 +0100
Changed-By: Lorenzo De Liso <blackz at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/natty/+source/wget/1.12-2.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 02 Nov 2010 15:17:29 +0100
Source: wget
Binary: wget wget-udeb
Architecture: source
Version: 1.12-2.1ubuntu1
Distribution: natty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lorenzo De Liso <blackz at ubuntu.com>
Description:
wget - retrieves files from the web
wget-udeb - retrieves files from the web (udeb)
Closes: 570528 571704 574185 590296
Launchpad-Bugs-Fixed: 403070 503339
Changes:
wget (1.12-2.1ubuntu1) natty; urgency=low
.
* Merge from debian unstable (LP: #403070), remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes:
- SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
+ debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
+ This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
+ CVE-2010-2252: fixed in debian
.
wget (1.12-2.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-2252: use of server provided file name might lead to
overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
Security team (Closes: #590296)
.
wget (1.12-2) unstable; urgency=low
.
* acknoledge NMUs. Thanks for your work/help Matt and Anthony
closes: #574185
* debian/source/format switched to dpkg-source 3.0 (quilt) format
.
wget (1.12-1.2) unstable; urgency=low
.
* Non-maintainer upload.
* Revised po/zh_CN.po based on
http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
to correct mistranslation of " eta " etc. closes: Bug#570528
* Revised po/de.po to removed extraneous doubled quote signs in German
locale. closes: Bug#571704
* debian/control updated Standards-Version to 3.8.4, no changes
Checksums-Sha1:
cf1d13b9d38fc4ee91f6c4fb25681432f44bd4c0 1813 wget_1.12-2.1ubuntu1.dsc
50d4ed2441e67db7aa5061d8a4dde41ee0e94248 2464747 wget_1.12.orig.tar.gz
69502a49c535c774246986a8f54a1a07b3f69447 48991 wget_1.12-2.1ubuntu1.debian.tar.gz
Checksums-Sha256:
c253496264a8d2cbf32ca53364b34c73066c2499731985ec58ff298d300e20ef 1813 wget_1.12-2.1ubuntu1.dsc
7578ed0974e12caa71120581fa3962ee5a69f7175ddc3d6a6db0ecdcba65b572 2464747 wget_1.12.orig.tar.gz
dafadb101adc3085092c793f0248a536131683ef554ed1b6db991dd04a219263 48991 wget_1.12-2.1ubuntu1.debian.tar.gz
Files:
8bc08b9d89c5dabc6cf517b5987714d6 1813 web important wget_1.12-2.1ubuntu1.dsc
141461b9c04e454dc8933c9d1f2abf83 2464747 web important wget_1.12.orig.tar.gz
1f2c76ad3358c2a6acb10500e884ea6a 48991 web important wget_1.12-2.1ubuntu1.debian.tar.gz
Original-Maintainer: Noèl Köthe <noel at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCgAGBQJM0akLAAoJEGVp2FWnRL6TopgQAKOHo/I+pZpRf5IfGZB6PQEL
Wpb5X+C+Uf61oEuee1vlG1IFEm9zttb1Lwfslx3deHiMHiLMs/q4T5Pbty6vwo7H
+WKDcU8Uryx0F8s/bEmz/Ou3yIQtPv+A4UWglRE6Yb21g+U1RXsVu9JlL+dzYcom
tjs0OsDq3i2lyVkVgqjDbqEd3hGBsQTzc/S4vUFx2empR8FCqVifCGW4MSmYPFDG
ZBzE+osxakAdPQvKPSXa6qobM3ZZfrFW5eyCui+rO8s/5B63KTWxixZM2LCUs3nV
DTkMD4RA7VHeO6GhBWRkHTStzmMXBdHMKtbxsCG/gbMXFmh98EP513Wf9V+vFGRo
QIAH4oAoSCSu0LKqO77o2WzSmcranFp1FjW/XYzpDoXOS4vGSolFsRccSWWaH0p5
epiPSl7SnR6YQMersISTauxgIyyxBsiGOSGY6AW5FbwGoL/eu695pI5xO6MKRAE4
A0yDDplROn51FFXohskg+0xLQLxtMnMssUsD0eYuQGGTHMJlplXIytz1xXQ0q1WK
yfdW7ZDLi/1S4sHRsDUbBrKyAIxvTRKfg4QPBavvBMjSSt0/ECuvWoULWFt0T1fw
Ba7QOoYNgPXd7vx7nxlgpd17FJIxTx+TWAMN9mifRk1bvHrkfx5qZo3EHetB5hqs
scpfsAtIEYRi/5rmPJ6I
=gN/t
-----END PGP SIGNATURE-----
More information about the Natty-changes
mailing list