Package: wget / 1.18-5+deb9u3

Metadata

Package Version Patches format
wget 1.18-5+deb9u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
wget doc remove usr local in sample.wgetrc | (download)

doc/sample.wgetrc | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
wget doc remove usr local in wget.texi | (download)

doc/wget.texi | 10 4 + 6 - 0 !
1 file changed, 4 insertions(+), 6 deletions(-)

---
wget passive_ftp default | (download)

doc/sample.wgetrc | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
wget doc CRLs.patch | (download)

doc/wget.texi | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

---
wget openssl1.1.0.patch | (download)

src/openssl.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

---
CVE 2016 7098.patch | (download)

NEWS | 6 6 + 0 - 0 !
src/http.c | 21 20 + 1 - 0 !
2 files changed, 26 insertions(+), 1 deletion(-)

---
CVE 2017 6508.patch | (download)

src/url.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

---
CVE 2017 13089.patch | (download)

src/http.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [patch 1/2] fix stack overflow in http protocol handling
 (CVE-2017-13089)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/http.c (skip_short_body): Return error on negative chunk size

Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
Reported-by: Juhani Eronen from Finnish National Cyber Security Centre

CVE 2017 13090.patch | (download)

src/retr.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 [patch 2/2] fix heap overflow in http protocol handling
 (CVE-2017-13090)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/retr.c (fd_read_body): Stop processing on negative chunk size

Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
Reported-by: Juhani Eronen from Finnish National Cyber Security Centre

Fix cookie injection CVE 2018 0494.patch | (download)

src/http.c | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 fix cookie injection (cve-2018-0494)
Fix a buffer overflow vulnerability.patch | (download)

src/iri.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 fix a buffer overflow vulnerability