Package "wget"
| Name: |
wget
|
Description: |
retrieves files from the web
|
| Latest version: |
1.21.2-2ubuntu1.3 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Homepage: |
https://www.gnu.org/software/wget/ |
Links
Download "wget"
Other versions of "wget" in Jammy
Changelog
|
wget (1.21.2-2ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in metalink.
- debian/patches/CVE-2026-58469.patch: Fix buffer overflow in
src/metalink.c
- CVE-2026-58469
* SECURITY UPDATE: Integer overflow in http
- debian/patches/CVE-2026-58470.patch: Fix integer overflow in src/http.c
- CVE-2026-58470
* SECURITY UPDATE: Buffer overflow in convert_fname.
- debian/patches/CVE-2026-58471.patch: Fix buffer overflow in src/url.c
- CVE-2026-58471
* SECURITY UPDATE: Integer and buffer overflow in html_quote_string.
- debian/patches/CVE-2026-58472.patch: Fix integer+buffer overflow in
src/convert.c
- CVE-2026-58472
-- Kyle Kernick <email address hidden> Fri, 10 Jul 2026 16:04:53 -0600
|
| Source diff to previous version |
| CVE-2026-58469 |
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/m |
| CVE-2026-58470 |
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c |
| CVE-2026-58471 |
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that |
| CVE-2026-58472 |
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c |
|
|
wget (1.21.2-2ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: mishandling of semicolons in userinfo
- debian/patches/CVE-2024-38428.patch: properly re-implement userinfo
parsing in src/url.c.
- CVE-2024-38428
-- Marc Deslauriers <email address hidden> Wed, 19 Jun 2024 08:15:59 -0400
|
| CVE-2024-38428 |
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data t |
|
About
-
Send Feedback to @ubuntu_updates