From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: Re: [PATCH] wget: Update to 1.9.5 Date: Mon, 07 May 2018 00:58:29 +0200 Message-ID: In-Reply-To: <20180506225048.15084-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7071499203223024582==" List-Id: --===============7071499203223024582== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, sorry, dropped - typo in subject. On 07.05.2018 00:50, Matthias Fischer wrote: > Hi, > > Excerpts from official announcement: > > "This version fixes CVE-2018-0494 (Cookie injection vulnerability) found > by Harry Sintonen. > This version fixes several issues, mostly found by OSS-Fuzz. > It also introduces TLS1.3 with OpenSSL, a new option --ciphers and > updates the CSS grammar to version 2.2. > ... > Noteworthy changes: > > * Fix cookie injection (CVE-2018-0494) > * Enable TLS1.3 with recent OpenSSL environment > * New option --ciphers to set GnuTLS / OpenSSL ciphers directly > * Updated CSS grammar to CSS 2.2 > * Fixed several memleaks found by OSS-Fuzz > * Fixed several buffer overflows found by OSS-Fuzz > * Fixed several integer overflows found by OSS-Fuzz > * Several minor bug fixes" > > Best, > Matthias > > Signed-off-by: Matthias Fischer > --- > lfs/wget | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/wget b/lfs/wget > index 7a5cdbb11..39f59ba80 100644 > --- a/lfs/wget > +++ b/lfs/wget > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.19.4 > +VER = 1.19.5 > > THISAPP = wget-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = a2a2c1dc4ac5003fc25a8e60b4a9464e > +$(DL_FILE)_MD5 = 2db6f03d655041f82eb64b8c8a1fa7da > > install : $(TARGET) > > --===============7071499203223024582==--