- add fix for CVE-2006-6719

wget-1.10.2-CVE-2006-6719.patch

@@ -0,0 +1,15 @@
+Fixes NULL pointer dereference (CVE-2006-6719) (bz #221483)
+
+--- wget-1.10.2/src/ftp-basic.c.orig	2007-01-04 19:30:31.000000000 +0100
++++ wget-1.10.2/src/ftp-basic.c	2007-01-04 19:31:48.000000000 +0100
+@@ -1038,7 +1038,9 @@ ftp_syst (int csock, enum stype *server_
+      first word of the server response)?  */
+   request = strtok (NULL, " ");
+ 
+-  if (!strcasecmp (request, "VMS"))
++  if (request == NULL)
++    *server_type = ST_OTHER;
++  else if (!strcasecmp (request, "VMS"))
+     *server_type = ST_VMS;
+   else if (!strcasecmp (request, "UNIX"))
+     *server_type = ST_UNIX;

wget.spec

@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols.
 Name: wget
 Version: 1.10.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPL
 Group: Applications/Internet
 Url: http://wget.sunsite.dk/
@@ -14,6 +14,7 @@ Patch5: wget-1.10.1-helpfix.patch
 Patch6: wget-1.10.2-to11.patch
 Patch7: wget-1.10.2-218211.patch
 Patch8: wget-1.10.2-retry186195.patch
+Patch9: wget-1.10.2-CVE-2006-6719.patch
 Provides: webclient
 Prereq: /sbin/install-info
 BuildRequires: perl, openssl-devel, pkgconfig, texinfo, gettext, autoconf
@@ -37,6 +38,7 @@ support for Proxy servers, and configurability.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 cp %{SOURCE2} $RPM_BUILD_DIR/wget-%{version}/po/de.po
 chmod a+x doc/texi2pod.pl
@@ -75,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 
 %changelog
+* Wed Jan 10 2007 Karsten Hopp <karsten@redhat.com> 1.10.2-11
+- add fix for CVE-2006-6719
+
 * Thu Dec 08 2006 Karsten Hopp <karsten@redhat.com> 1.10.2-10
 - fix repeated downloads (Tomas Heinrich, #186195)