Bug#926888: unblock: wget/1.20.1-1.1

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#926888: unblock: wget/1.20.1-1.1

Salvatore Bonaccorso-4
Package: release.debian.org
Severity: normal
User: [hidden email]
Usertags: unblock

Hi,

Please unblock package wget

It fixes CVE-2019-5953, #926389 a buffer overflow vulnerability in the
handling of Internationalized Resource Identifiers (IRI), it was
adressed as well in DSA-4425-1 for stretch.

Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.

unblock wget/1.20.1-1.1

Regards,
Salvatore

wget_1.20.1-1.1.debdiff (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#926888: unblock: wget/1.20.1-1.1

Niels Thykier
Control: tags -1 d-i confirmed

Salvatore Bonaccorso:

> Package: release.debian.org
> Severity: normal
> User: [hidden email]
> Usertags: unblock
>
> Hi,
>
> Please unblock package wget
>
> It fixes CVE-2019-5953, #926389 a buffer overflow vulnerability in the
> handling of Internationalized Resource Identifiers (IRI), it was
> adressed as well in DSA-4425-1 for stretch.
>
> Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.
>
> unblock wget/1.20.1-1.1
>
> Regards,
> Salvatore
>

Hi,

OK from here; Cc'ing KiBi for a d-i ack.

Thanks,
~Niels

Reply | Threaded
Open this post in threaded view
|

Bug#926888: unblock: wget/1.20.1-1.1

Niels Thykier
On Fri, 12 Apr 2019 07:54:00 +0000 Niels Thykier <[hidden email]> wrote:

> Control: tags -1 d-i confirmed
>
> Salvatore Bonaccorso:
> > Package: release.debian.org
> > Severity: normal
> > User: [hidden email]
> > Usertags: unblock
> >
> > Hi,
> >
> > Please unblock package wget
> >
> > It fixes CVE-2019-5953, #926389 a buffer overflow vulnerability in the
> > handling of Internationalized Resource Identifiers (IRI), it was
> > adressed as well in DSA-4425-1 for stretch.
> >
> > Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.
> >
> > unblock wget/1.20.1-1.1
> >
> > Regards,
> > Salvatore
> >
>
> Hi,
>
> OK from here; Cc'ing KiBi for a d-i ack.
>
> Thanks,
> ~Niels
>
>

Gentle ping on this unblock request for a CVE fix in wget.

Thanks,
~Niels

Reply | Threaded
Open this post in threaded view
|

Bug#926888: unblock: wget/1.20.1-1.1

Cyril Brulebois-4
Hi,

Niels Thykier <[hidden email]> (2019-04-21):

> On Fri, 12 Apr 2019 07:54:00 +0000 Niels Thykier <[hidden email]> wrote:
> > Control: tags -1 d-i confirmed
> >
> > Salvatore Bonaccorso:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: [hidden email]
> > > Usertags: unblock
> > >
> > > Hi,
> > >
> > > Please unblock package wget
> > >
> > > It fixes CVE-2019-5953, #926389 a buffer overflow vulnerability in the
> > > handling of Internationalized Resource Identifiers (IRI), it was
> > > adressed as well in DSA-4425-1 for stretch.
> > >
> > > Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.
> > >
> > > unblock wget/1.20.1-1.1
> > >
> > > Regards,
> > > Salvatore

> > OK from here; Cc'ing KiBi for a d-i ack.
> >
> > Thanks,
> > ~Niels
> >
> >
>
> Gentle ping on this unblock request for a CVE fix in wget.

No objections, thanks.

Sorry, I had closed my local todo item as I thought it was done already,
but I got confused there (was probably thinking about the openssl bug
fix that made wget work in d-i)…


Cheers,
--
Cyril Brulebois ([hidden email])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

signature.asc (849 bytes) Download Attachment