Hello community, here is the log from the commit of package wget checked in at Thu Mar 29 01:01:25 CEST 2007.
--------
--- wget/wget.changes 2006-06-22 14:59:42.000000000 +0200
+++ /mounts/work_src_done/STABLE/wget/wget.changes 2007-03-28 19:14:04.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Mar 28 19:13:11 CEST 2007 - max@suse.de
+
+- Fixes a null pointer dereference (#231063, CVE-2006-6719)
+
+-------------------------------------------------------------------
New:
----
wget-CVE-2006-6719.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wget.spec ++++++
--- /var/tmp/diff_new_pack.lj8470/_old 2007-03-29 01:01:14.000000000 +0200
+++ /var/tmp/diff_new_pack.lj8470/_new 2007-03-29 01:01:14.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package wget (Version 1.10.2)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -13,11 +13,11 @@
 Name: wget
 BuildRequires: libpng-devel openssl-devel
 URL: http://wget.sunsite.dk/
-License: GPL
+License: GNU General Public License (GPL)
 Group: Productivity/Networking/Web/Utilities
 Autoreqprov: on
 Version: 1.10.2
-Release: 15
+Release: 46
 Summary: A Tool for Mirroring FTP and HTTP Servers
 Source: %name-%version.tar.bz2
 Patch: nops_doc.diff
@@ -28,6 +28,7 @@
 Patch7: wget-1.10.1-strict-aliasing.diff
 Patch8: wget-ftp-restart.patch
 Patch9: wget-CAN-2004-1488.patch
+Patch10: wget-CVE-2006-6719.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: %install_info_prereq
@@ -51,6 +52,7 @@
 %patch7 -p1
 %patch8
 %patch9
+%patch10
 rename no nb $RPM_BUILD_DIR/wget*/po/no.*
 %build
@@ -91,7 +93,9 @@
 %{_bindir}/*
 %{_datadir}/locale/*/*/*
-%changelog -n wget
+%changelog
+* Wed Mar 28 2007 - max@suse.de
+- Fixes a null pointer dereference (#231063, CVE-2006-6719)
 * Thu Jun 22 2006 - max@suse.de
 - Removed the unneeded fix for CAN-2004-1487 (bugs #179369 and #185214).
++++++ wget-CVE-2006-6719.patch ++++++
Fixes NULL pointer dereference (CVE-2006-6719)
================================================================================
--- src/ftp-basic.c
+++ src/ftp-basic.c
@@ -1039,7 +1039,9 @@
 first word of the server response)? */
 request = strtok (NULL, " ");
- if (!strcasecmp (request, "VMS"))
+ if (request == NULL)
+ *server_type = ST_OTHER;
+ else if (!strcasecmp (request, "VMS"))
 *server_type = ST_VMS;
 else if (!strcasecmp (request, "UNIX"))
 *server_type = ST_UNIX;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
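Review bot: The new `request == NULL` branch in the src/ftp-basic.c hunk has no comment saying when `strtok (NULL, " ")` can return NULL, so the reason for the guard lives only in the changelog. The text being tokenised is the remote server's response (per the context comment), and a response with nothing after its first word yields no second token; a comment such as `/* The server's reply may have no second word; treat the system type as unknown. */` above the test would keep that visible in the source. Falling back to `ST_OTHER` looks like a reasonable safe default, but the first `strtok` call and the rest of the `else if` chain lie outside the hunk, so whether other uses of the reply need the same guard cannot be confirmed from here. A regression test that feeds a reply consisting of the status code alone would pin the fix.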