Versions 1.20.2 and 1.20.3 have been released this week, fixing buffer overflows: http://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html http://lists.gnu.org/archive/html/bug-wget/2019-04/msg00015.html
Pushed to testing. Suggested advisory : Wget 1.20.3 fixes buffer overflow vulnerability. Ref : http://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html http://lists.gnu.org/archive/html/bug-wget/2019-04/msg00015.html Single RPM: wget-1.20.3-1.mga6
Assignee: lists.jjorge => qa-bugsStatus: NEW => ASSIGNEDCC: (none) => lists.jjorge
Installed and tested without issues. System: Mageia 6, x86_64, Intel CPU. Tested http, https, ftp, http proxy. $ uname -a Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q wget wget-1.20.3-1.mga6
CC: (none) => mageiaWhiteboard: (none) => MGA6-64-OK
Validating. Suggested advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0143.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
Debian has issued an advisory for this on April 5: https://www.debian.org/security/2019/dsa-4425 It looks like CVE-2019-5953 probably refers to the issue fixed in 1.20.3.
Summary: wget new buffer overflow security issues fixed upstream => wget new buffer overflow security issues fixed upstream (including CVE-2019-5953)