CVE-2019-5953

NameCVE-2019-5953
DescriptionBuffer overflow vulnerability
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4425-1
Debian Bugs926389

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wget (PTS)jessie (security), jessie1.16-1+deb8u5vulnerable
stretch1.18-5+deb9u2vulnerable
stretch (security)1.18-5+deb9u3fixed
buster1.20.1-1vulnerable
sid1.20.1-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wgetsource(unstable)1.20.1-1.1926389
wgetsourcestretch1.18-5+deb9u3DSA-4425-1

Notes

https://jvn.jp/en/jp/JVN25261088/
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 (removed unneeded debug lines in fixing commit)
Fixed in 1.20.3

Search for package or bug name: Reporting problems