CVE-2019-5953 (https://nvd.nist.gov/vuln/detail/CVE-2019-5953): A buffer overflow vulnerability was found in GNU Wget 1.20.1 and earlier. An attacker may be able to cause a denial-of-service (DoS) or may execute arbitrary code.
arm64 stable
amd64 stable
Changing the subject to clarify we need 1.20.3 for a complete fix. It seems the fix was forgotten in 1.20.2: https://twitter.com/ruehsen/status/1115867894255181834
x86 stable
sparc stable
arm stable
hppa stable
alpha stable
s390 stable
ppc64 stable
ppc stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ff2fc4f9445e4c6a87168740825ee7005fcb563

commit 9ff2fc4f9445e4c6a87168740825ee7005fcb563
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-06-12 11:22:55 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-06-12 11:22:55 +0000

    net-misc/wget: Security cleanup

    Bug: https://bugs.gentoo.org/682994
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-misc/wget/Manifest           |   2 -
 net-misc/wget/wget-1.20.1.ebuild | 118 ---------------------------------------
 net-misc/wget/wget-1.20.2.ebuild | 118 ---------------------------------------
 3 files changed, 238 deletions(-)
This issue was resolved and addressed in GLSA 201908-19 at https://security.gentoo.org/glsa/201908-19 by GLSA coordinator Aaron Bauman (b-man).