Bug 228071

Summary:

ftp/wget: Update to 1.19.5 (Fixes CVE-2018-0494).

Product:

Ports & Packages

Reporter:

Yasuhiro Kimura <yasu>

Component:

Individual Port(s)

Assignee:

Vasil Dimov <vd>

Status:

Closed FIXED

Severity:

Affects Only Me

Flags:

bugzilla: maintainer-feedback? (vd)

Priority:

---

Version:

Latest

Hardware:

Any

OS:

Any

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228070

Attachments:

Description	Flags
patch file	none

Description Yasuhiro Kimura freebsd_committer

2018-05-08 15:09:57 UTC

Created attachment 193182 [details]
patch file

Update to 1.19.5. It fixes cookie injection vulnerability (CVE-2018-0494).

VuXML entry for CVE-2018-0494 is reported as bug #228070. So please commit it together.

Comment 1 commit-hook freebsd_committer

2018-05-09 16:19:22 UTC

A commit references this bug:

Author: vd
Date: Wed May  9 16:18:53 UTC 2018
New revision: 469453
URL: https://svnweb.freebsd.org/changeset/ports/469453

Log:
  ftp/wget: Upgrade from 1.19.4 to 1.19.5

  Changelog: http://git.savannah.gnu.org/cgit/wget.git/plain/NEWS

  PR:		ports/228071
  Reported by:	Yasuhiro KIMURA <yasu@utahime.org>
  MFH:		2018Q2
  Security:	CVE-2018-0494

Changes:
  head/ftp/wget/Makefile
  head/ftp/wget/distinfo

Comment 2 Vasil Dimov freebsd_committer

2018-05-09 17:31:29 UTC

Committed, thanks!

Comment 3 commit-hook freebsd_committer

2018-05-10 18:54:58 UTC

A commit references this bug:

Author: vd
Date: Thu May 10 18:54:39 UTC 2018
New revision: 469571
URL: https://svnweb.freebsd.org/changeset/ports/469571

Log:
  MFH: r469453

  ftp/wget: Upgrade from 1.19.4 to 1.19.5

  Changelog: http://git.savannah.gnu.org/cgit/wget.git/plain/NEWS

  PR:		ports/228071
  Reported by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	CVE-2018-0494

  Approved by:	portmgr (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/ftp/wget/Makefile
  branches/2018Q2/ftp/wget/distinfo