Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 682994 (CVE-2019-5953) - <net-misc/wget-1.20.3: buffer overflow vulnerability (CVE-2019-5953)
Summary: <net-misc/wget-1.20.3: buffer overflow vulnerability (CVE-2019-5953)
Status: RESOLVED FIXED
Alias: CVE-2019-5953
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-10 03:26 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-15 17:52 UTC (History)
3 users (show)

See Also:
Package list:
net-misc/wget-1.20.3-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-04-10 03:26:08 UTC
CVE-2019-5953 (https://nvd.nist.gov/vuln/detail/CVE-2019-5953):
  A buffer overflow vulnerability was found in GNU Wget 1.20.1 and earlier. An
  attacker may be able to cause a denial-of-service (DoS) or may execute an
  arbitrary code.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-04-10 04:02:28 UTC
arm64 stable
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-04-10 04:12:17 UTC
amd64 stable
Comment 3 Hanno Böck gentoo-dev 2019-04-10 07:07:44 UTC
Changing the subject to clarify we need 1.20.3 for a complete fix. It seems the fix was forgotten in 1.20.2:
https://twitter.com/ruehsen/status/1115867894255181834
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-10 17:06:04 UTC
x86 stable
Comment 5 Rolf Eike Beer archtester 2019-04-11 05:22:54 UTC
sparc stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-14 16:15:51 UTC
arm stable
Comment 7 Rolf Eike Beer archtester 2019-04-17 20:43:41 UTC
hppa stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 17:51:53 UTC
alpha stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-26 20:49:05 UTC
s390 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-27 16:39:07 UTC
ppc64 stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-27 16:46:13 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2019-06-05 07:29:44 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 13 Larry the Git Cow gentoo-dev 2019-06-12 11:23:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ff2fc4f9445e4c6a87168740825ee7005fcb563

commit 9ff2fc4f9445e4c6a87168740825ee7005fcb563
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-06-12 11:22:55 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-06-12 11:22:55 +0000

    net-misc/wget: Security cleanup
    
    Bug: https://bugs.gentoo.org/682994
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-misc/wget/Manifest           |   2 -
 net-misc/wget/wget-1.20.1.ebuild | 118 ---------------------------------------
 net-misc/wget/wget-1.20.2.ebuild | 118 ---------------------------------------
 3 files changed, 238 deletions(-)
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 17:52:56 UTC
This issue was resolved and addressed in
 GLSA 201908-19 at https://security.gentoo.org/glsa/201908-19
by GLSA coordinator Aaron Bauman (b-man).