Changelog
wget (1.12-2.1ubuntu1) natty; urgency=low
* Merge from debian unstable (LP: #403070), remaining changes:
- Add wget-udeb to ship wget.gnu as alternative to busybox wget
implementation.
- Keep build dependencies in main:
+ debian/control: remove info2man build-dep
+ debian/patches/00list: disable wget-infopod_generated_manpage.dpatch
- Depend on libssl-dev 0.9.8k-7ubuntu4 (LP: #503339)
* Dropped changes:
- SECURITY UPDATE: arbitrary file overwrite via 3xx redirect
+ debian/patches/CVE-2010-2252.dpatch: don't use server names in
doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}.
+ This update changes previous behaviour by ignoring the filename
supplied by the server during redirects. To re-enable previous
behaviour, see the new --trust-server-names option.
+ CVE-2010-2252: fixed in debian
wget (1.12-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-2252: use of server provided file name might lead to
overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
Security team (Closes: #590296)
wget (1.12-2) unstable; urgency=low
* acknoledge NMUs. Thanks for your work/help Matt and Anthony
closes: #574185
* debian/source/format switched to dpkg-source 3.0 (quilt) format
wget (1.12-1.2) unstable; urgency=low
* Non-maintainer upload.
* Revised po/zh_CN.po based on
http://translationproject.org/PO-files/zh_CN/wget-1.12-pre6.zh_CN.po
to correct mistranslation of " eta " etc. closes: Bug#570528
* Revised po/de.po to removed extraneous doubled quote signs in German
locale. closes: Bug#571704
* debian/control updated Standards-Version to 3.8.4, no changes
-- Lorenzo De Liso <email address hidden> Tue, 02 Nov 2010 15:17:29 +0100
