-
wget (1.19.4-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Access to sensitive information
- debian/patches/CVE-2018-20483-*.patch: fix in
src/ftp.c, src/http.c, src/xattr.c, src/xattr.h,
src/init.c, src/main.c, doc/wget.texi.
- CVE-2018-20483
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-5953-*.patch: fix in
src/iri.c.
- CVE-2019-5953
-- <email address hidden> (Leonidas S. Barbosa) Mon, 08 Apr 2019 15:51:50 -0300
-
wget (1.19.4-1ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: Cookie injection vulnerability
- debian/patches/CVE-2018-0494.patch: fix cooking injection
in src/http.c.
- CVE-2018-0494
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 May 2018 14:02:01 -0300
-
wget (1.19.4-1ubuntu2) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:55:42 +0000
-
wget (1.19.4-1ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
wget (1.19.4-1) unstable; urgency=medium
* new upstream release from 2018-01-21
removed patches from 1.19.3-2
* debian/control changed Priority from important to standard see #834811
* debian/compat to 11 and removed then unneded build-depends autotools-dev
-- Julian Andres Klode <email address hidden> Mon, 05 Feb 2018 14:38:47 +0100
-
wget (1.19.3-2ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
wget (1.19.3-2) unstable; urgency=medium
* added upstream patches:
- 0001-Switch-off-compression-by-default.patch
- 0001--srchttpc-gethttp-Fix-bug-that-prevented-all-files-from-being-decompressed.patch
closes: Bug#887913, Bug#887910
wget (1.19.3-1) unstable; urgency=medium
* new upstream release from 2018-01-19
- removed upstream included patches: wget_813158fixsegfault.patch
and gnulib.git.patch
* debian/upstream/signing-key.asc added Darshit Shah
wget (1.19.2-2) unstable; urgency=medium
* fixed segfault with upstream patch. closes: Bug#813158, #880542
wget_813158fixsegfault.patch
* corrected debian/watch
* debian/control: updated Standard-Version to 4.1.3; no changes needed
-- Julian Andres Klode <email address hidden> Tue, 23 Jan 2018 16:26:53 +0100
-
wget (1.19.2-1ubuntu1) bionic; urgency=medium
* Merge with Debian, remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
- debian/control: add pkg-config to Build-Depends.
* Dropped changes:
- Don't build with libpsl-dev, which is in universe. (it's in main now)
wget (1.19.2-1) unstable; urgency=high
* new upstream release from 2017-10-27 fixes
CVE-2017-13089/CVE-2017-13090 closes: Bug#879957
* debian/watch added opts=pgpmode=auto
* added debian/upstream/signing-key.asc
* debian/control updated Standards Version to 4.1.1 (needed change
see above)
* removed upstream included debian/patches/CVE-2017-6508
* updated debian/patches/gnulib.git.patch
wget (1.19.1-5) unstable; urgency=low
* added patch from Bruno Haible <email address hidden> to
fix build on hurd-i386 (Thanks Svante!). closes: Bug#858995
* debian/control wget-udeb Priority changed from extra to optional
wget (1.19.1-4) unstable; urgency=medium
* debian/control: added missing build-dep pkg-config. closes: Bug#865886
thx for reporting:)
* debian/control: updated Standard-Version to 4.0.0; no changes needed
-- Marc Deslauriers <email address hidden> Fri, 10 Nov 2017 08:45:48 -0500
-
wget (1.19.1-3ubuntu1.1) artful-security; urgency=medium
* SECURITY UPDATE: stack overflow in HTTP protocol handling
- debian/patches/CVE-2017-13089.patch: return error on negative chunk
size in src/http.c.
- CVE-2017-13089
* SECURITY UPDATE: heap overflow in HTTP protocol handling
- debian/patches/CVE-2017-13090.patch: stop processing on negative
chunk size in src/retr.c.
- CVE-2017-13090
-- Marc Deslauriers <email address hidden> Mon, 23 Oct 2017 15:17:58 -0400
-
wget (1.19.1-3ubuntu1) artful; urgency=medium
* Merge with Debian, remaining changes:
- Don't Build-Depend on libgnutls28-dev.
- Pass --with-ssl=openssl
- Don't build with libpsl-dev, which is in universe.
- Enable parallel builds.
- debian/patches/disable-SSLv3.patch: properly detect SSLv3 being
disabled on Ubuntu because the method still exists for ABI reasons.
* debian/control: add pkg-config to Build-Depends.
wget (1.19.1-3) unstable; urgency=medium
* also apply the patch in 1.19.1-2 m(
wget (1.19.1-2) unstable; urgency=medium
* added upstream patch to fix CVE-2017-6508 closes: Bug#857073
wget (1.19.1-1) unstable; urgency=medium
* new upstream release from 2017-02-11 to sid
- removed wget-doc-CRLs.patch because CRLs are supported
closes: Bug#849389
wget (1.19-1) experimental; urgency=medium
* new upstream release from 2017-02-03
(upload to unstable after stretch freeze)
* removed upstream applied patches wget-openssl1.1.0.patch and
CVE-2016-7098.patch
wget (1.18-4) unstable; urgency=medium
* added patches to fix CVE-2016-7098:
files rejected by access list are kept on the disk for the duration of
HTTP connection closes: #836503
wget (1.18-3) unstable; urgency=medium
* make the build reproducible (Thanks Reiner!). closes: #833070
-- Marc Deslauriers <email address hidden> Wed, 03 May 2017 08:47:18 -0400