[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Lack of wget-ssl (was: Accepted wget 1.8.1-6.1 (i386 source))

On Thu, 12 Dec 2002 at 17:37:36 -0500, Wichert Akkerman wrote:
> Date: Wed, 11 Dec 2002 12:00:49 +0100
> Source: wget
> Binary: wget
> Architecture: source i386
> Version: 1.8.1-6.1
> Distribution: stable-security
> Urgency: medium
> Maintainer: Noel Koethe <noel@debian.org>
> Changed-By: Wichert Akkerman <wakkerma@debian.org>
> Description: 
>  wget       - retrieves files from the web
> Changes: 
>  wget (1.8.1-6.1) stable-security; urgency=medium
>  .
>    * Non-maintainer upload by security team
>    * Fix directory traversal problem in FTP client
>    * Fix buffer overrun in url_filename function
> Files: 
>  97af60040e8d7a2cd538d18a5120cd87 1217 web optional wget_1.8.1-6.1.dsc
>  69f96b6608e043e0d781061a22e90169 9939 web optional wget_1.8.1-6.1.diff.gz
>  afc976eaaf4cd416f8eedd347d18367b 332394 web optional wget_1.8.1-6.1_i386.deb

I use stable (woody).
Is wget-ssl also vulnerable? Probably yes.

At first, I was surprised that I didn't find any wget-ssl package at
Debian's "search packages" page (although 'apt-cache show wget-ssl'
shows it - but apparently just because I've got this package installed).

After some searching, I've come to a message by Noel Koethe dated
14 Jul 2002:
contaning this excerpt:

"For unknown reason the "wget-ssl" package is removed
from woody. Anybody knows why?

I requested a removal of wget-ssl for sid (#148441) because
wget 1.8.2 has https support in the wget package in main.

Please reinsert wget-ssl to woody or better use wget 1.8.2
for woody."

Unfortunately, that letter wasn't answered at all.
I'm quite disappointed because of that. Somebody erroneously (most
probably) removed wget-ssl from woody and later he didn't correct his
mistake, nor even answered Noel's request.

What can I do if I want to have https support in wget installed on my
systems? I can't uninstall wget-ssl and install wget from woody as it
doesn't support https.
Am I to use wget from "testing" (1.8.2-5)? Is it safe?

 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to: