Bug 527667

Summary: CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name
Product: [Fedora] Fedora
Reporter: Tomas Hoger <thoger>
Component: wget
Assignee: Karsten Hopp <karsten>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 12
CC: karsten, micah, vdanen
Keywords: Security
Hardware: All
OS: Linux
URL: http://fedoraproject.org/wiki/Security/TrackingBugs
Doc Type: Bug Fix
Last Closed: 2010-02-10 07:14:27 UTC
Bug Blocks: 520454

Description Tomas Hoger 2009-10-07 09:29:22 UTC
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

	bug #520454: CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=520454

Comment 1 Tomas Hoger 2009-10-07 09:31:17 UTC
This is to ensure we have this addressed in rawhide and hence is not missed for EL6.  F10 / F11 are affected too.

Comment 2 Bug Zapper 2009-11-16 13:21:09 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Vincent Danen 2009-11-16 18:45:37 UTC
This issue still affects Fedora 12, and hence RHEL6.  This needs to be resolved in Fedora 12 to ensure the fix is forward-carried to RHEL6.

Comment 4 Karsten Hopp 2009-11-17 13:34:14 UTC
wget-1.12-1.fc10, wget-1.12-1.fc11, wget-1.12-1.fc12 have been submitted to Fedora-testing