Re: wget CVE-2006-6719 fixed since some years

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Noel,

On Tue, Oct 04, 2016 at 01:25:53PM +0200, Noël Köthe wrote:
> Hello,
> 
> https://security-tracker.debian.org/tracker/source-package/wget ;
> lists CVE-2006-6719 and I checked if the patch is already included in
> the Debian package.
> 
> http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2
> is the included upstream patch but not marked with CVE by upstream.:(
> 
> The patch is included in wget Debian in oldstable 1.13.4.3-(If needed I
> can check since which version it got added).

Can you determine which version which entered back then unstable did
contain the fix? We want to be as exact as possible regarding the
fixing version).

> The security-tracker should show it as "Resolced issue".

Sure, as soon we have the fixing version, thanks a lot for
investigating and pinging.

> Do you want to get a note in debian/changelog in the old Debian version
> it got added, or do you just correct it in your database?

No a note in the changelog is not needed, we should just record the
fixed version for the tracker.

Regards,
Salvatore