Overview

File _patchinfo of Package patchinfo.3159

<patchinfo incident="3159">
  <issue id="995964" tracker="bnc">VUL-1: CVE-2016-7098: wget: files rejected by access list are kept on the disk for the duration of HTTP connection</issue>
  <issue id="1005091" tracker="bnc">*** glibc detected *** wget: free(): invalid pointer: 0x00007f2fb3b9c076 ***</issue>
  <issue id="1012677" tracker="bnc">wget does not allow tls 1.2 enforcement</issue>
  <issue id="2016-7098" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jmoellers</packager>
  <description>
This update for wget fixes the following issues:

Security issues fixed:
- CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext
  and making them accessible to the current user only. (bsc#995964)

Non security issues fixed:
- bsc#1005091: Don't call xfree() on string returned by usr_error()  
- bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable).
</description>
  <summary>Security update for wget</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places