[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

wget 1.9.1-11 fixes security RC bugs #261755 and #284875



Hello,

the 2 security RC bugs were fixed with backported patches from the 1.10
cvs version by the upstream author:

 wget (1.9.1-11) unstable; urgency=high

   * going back to -8 status to have minimal changes to current
     sarge version
   * backported fixes from Hrvoje Niksic/upstream from wget 1.10
     cvs version (thanks alot Hrvoje Niksic!):
     - adds the filtering of control chars
       (closes: Bug#261755)
     - prevents hosts named ".." from writing to ../. and
       prevents "%00" truncating C strings that hold URLs
       (closes: Bug#284875)
   * removed unneeded texi2html build-dep
     (closes: Bug#305425)

Frank Lichtenheld informed me about the missing CAN numbers which I
should add to the changelog but not do an extra upload only for the
numbers:

CAN-2004-1488 (bug #261755)
CAN-2004-1487 (bug #284875)

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: