On Sep 1, 2015 12:17 PM, "Austin English" <austinenglish@???> wrote:
>
> On Tue, Sep 1, 2015 at 11:08 AM, intrigeri <intrigeri@???> wrote:
> > Hi,
> >
> > Austin English wrote (31 Aug 2015 19:48:50 GMT) :
> >> On Tue, Aug 18, 2015 at 5:03 AM, intrigeri <intrigeri@???> wrote:
> >>> Could you please check:
> >>>
> >>> 1. if this is worth a CVE ID
> >
> > Ping on this part? Without a CVE, it'll be painful to track by the
> > Debian security team.
> >
> >>> 2. if the proposed patchset applies on top of Debian Wheezy's wget
> >
> >> The patch has been applied upstream:
> >>
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
> >
> >> it does not apply cleanly to 1.16.3, conflicting on tests. The source
> >> changes, however, apply without conflict, I've attached that diff.
> >
> > OK, that's a good start. Thanks for checking! I think that resolving
> > the merge conflict will make Debian security team more at ease taking
> > the patch. Does it seem doable?
> >
> > Cheers,
> > --
> > intrigeri
> > _______________________________________________
> > Tails-dev mailing list
> > Tails-dev@???
> > https://mailman.boum.org/listinfo/tails-dev
> > To unsubscribe from this list, send an empty email to
Tails-dev-unsubscribe@???.
>
> I didn't try and won't be able to until next week.
>
> --
> -Austin
Note: the tests weren't too long, so it probably wouldn't be too
difficult. I will look into it next week if no one beats me to it (but
given that it is a security issue, I'd be happy if someone did ;) ).
