[Secure-testing-team] Bug#745836: wget: certificate revocation is not checked
Vincent Lefevre
vincent at vinc17.net
Fri Apr 25 17:46:10 UTC 2014
Package: wget
Version: 1.15-1
Severity: grave
Tags: security
Justification: user security hole
Certificate revocation is not checked: wget downloads
https://www.cloudflarechallenge.com/
without any warning or error, contrary to Firefox (and to Chromium
when the CRLSet is up-to-date).
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wget depends on:
ii libc6 2.18-4
ii libgnutls28 3.2.13-2
ii libidn11 1.28-2
ii libnettle4 2.7.1-2
ii libuuid1 2.20.1-5.7
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages wget recommends:
ii ca-certificates 20140325
wget suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list