Bug#829130: jessie-pu: package wget/1.16-1+deb8u1
Control: tags -1 + confirmed
On Tue, 2016-07-05 at 17:09 +0200, Noël Köthe wrote:
> Hello Salvatore and Stable Release Managers,
>
> Am Dienstag, den 05.07.2016, 15:44 +0200 schrieb Salvatore Bonaccorso:
[...]
> > > wget in stable is affected by CVE-2016-4971, an issue where wget
> ...
> > JFTR, if actually Noël Köthe <noel@debian.org> would like to do the
> > upload himself, I can happily hand over.
>
> I wasn't aware of this release bugreport (sorry). Thanks for CC:.
> DSA informed me that there will be no DSA for this CVE and liked to see
> this fixed by a jessie point release.
> https://security-tracker.debian.org/tracker/CVE-2016-4971 (at the end
> "no DSA").
>
> Attached the minor changed debdiff based on the backported patch from
> Salvatore.
Please go ahead.
Regards,
Adam
Reply to: