Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 682994 (CVE-2019-5953)

Summary: <net-misc/wget-1.20.3: buffer overflow vulnerability (CVE-2019-5953)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: major CC: base-system, m68k, sh+disabled
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-04-10 03:26:08 UTC
CVE-2019-5953 (
  A buffer overflow vulnerability was found in GNU Wget 1.20.1 and earlier. An
  attacker may be able to cause a denial-of-service (DoS) or may execute an
  arbitrary code.
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-10 04:02:28 UTC
arm64 stable
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-10 04:12:17 UTC
amd64 stable
Comment 3 Hanno Böck gentoo-dev 2019-04-10 07:07:44 UTC
Changing the subject to clarify we need 1.20.3 for a complete fix. It seems the fix was forgotten in 1.20.2:
Comment 4 Thomas Deutschmann gentoo-dev 2019-04-10 17:06:04 UTC
x86 stable
Comment 5 Rolf Eike Beer archtester 2019-04-11 05:22:54 UTC
sparc stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-14 16:15:51 UTC
arm stable
Comment 7 Rolf Eike Beer archtester 2019-04-17 20:43:41 UTC
hppa stable
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 17:51:53 UTC
alpha stable
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-26 20:49:05 UTC
s390 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-27 16:39:07 UTC
ppc64 stable
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-27 16:46:13 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2019-06-05 07:29:44 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 13 Larry the Git Cow gentoo-dev 2019-06-12 11:23:06 UTC
The bug has been referenced in the following commit(s):

commit 9ff2fc4f9445e4c6a87168740825ee7005fcb563
Author:     Lars Wendler <>
AuthorDate: 2019-06-12 11:22:55 +0000
Commit:     Lars Wendler <>
CommitDate: 2019-06-12 11:22:55 +0000

    net-misc/wget: Security cleanup
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Lars Wendler <>

 net-misc/wget/Manifest           |   2 -
 net-misc/wget/wget-1.20.1.ebuild | 118 ---------------------------------------
 net-misc/wget/wget-1.20.2.ebuild | 118 ---------------------------------------
 3 files changed, 238 deletions(-)
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 17:52:56 UTC
This issue was resolved and addressed in
 GLSA 201908-19 at
by GLSA coordinator Aaron Bauman (b-man).