Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))

To: debian-devel@lists.debian.org
Cc: Noel Koethe <noel@debian.org>, Wichert Akkerman <wakkerma@debian.org>
Subject: Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))
From: Tomasz Papszun <tomek@lodz.tpsa.pl>
Date: Fri, 13 Dec 2002 11:30:32 +0100
Message-id: <[🔎] 20021213103032.GK8522@lodz.tpsa.pl>
In-reply-to: <E18MbxY-0006vs-00@auric.debian.org>
References: <E18MbxY-0006vs-00@auric.debian.org>

On Thu, 12 Dec 2002 at 17:37:36 -0500, Wichert Akkerman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
[...]
> Date: Wed, 11 Dec 2002 12:00:49 +0100
> Source: wget
> Binary: wget
> Architecture: source i386
> Version: 1.8.1-6.1
> Distribution: stable-security
> Urgency: medium
> Maintainer: Noel Koethe <noel@debian.org>
> Changed-By: Wichert Akkerman <wakkerma@debian.org>
> Description: 
>  wget       - retrieves files from the web
> Changes: 
>  wget (1.8.1-6.1) stable-security; urgency=medium
>  .
>    * Non-maintainer upload by security team
>    * Fix directory traversal problem in FTP client
>    * Fix buffer overrun in url_filename function
> Files: 
>  97af60040e8d7a2cd538d18a5120cd87 1217 web optional wget_1.8.1-6.1.dsc
>  69f96b6608e043e0d781061a22e90169 9939 web optional wget_1.8.1-6.1.diff.gz
>  afc976eaaf4cd416f8eedd347d18367b 332394 web optional wget_1.8.1-6.1_i386.deb
> 
[...]

I use stable (woody).
Is wget-ssl also vulnerable? Probably yes.

At first, I was surprised that I didn't find any wget-ssl package at
Debian's "search packages" page (although 'apt-cache show wget-ssl'
shows it - but apparently just because I've got this package installed).

After some searching, I've come to a message by Noel Koethe dated
14 Jul 2002:
http://lists.debian.org/debian-devel/2002/debian-devel-200207/msg00683.html
contaning this excerpt:

"For unknown reason the "wget-ssl" package is removed
from woody. Anybody knows why?

I requested a removal of wget-ssl for sid (#148441) because
wget 1.8.2 has https support in the wget package in main.

Please reinsert wget-ssl to woody or better use wget 1.8.2
for woody."

Unfortunately, that letter wasn't answered at all.
I'm quite disappointed because of that. Somebody erroneously (most
probably) removed wget-ssl from woody and later he didn't correct his
mistake, nor even answered Noel's request.

What can I do if I want to have https support in wget installed on my
systems? I can't uninstall wget-ssl and install wget from woody as it
doesn't support https.
Am I to use wget from "testing" (1.8.2-5)? Is it safe?

Regards
-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to:

Follow-Ups:
- Re: Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Lack of wget-ssl
  - From: Andreas Metzler <ametzler@logic.univie.ac.at>

Prev by Date: Re: Bits from tetex maintainers (Re: Accepted tetex-bin ...)
Next by Date: Re: Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))
Previous by thread: Re: ITP: cygwin compiler (I know, I know...)
Next by thread: Re: Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))
Index(es):
- Date
- Thread