Candidate: CVE-2009-3490
PublicDate: 2009-09-30 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490
 https://ubuntu.com/security/notices/USN-842-1
Description:
 GNU Wget before 1.12 does not properly handle a '\0' character in a domain
 name in the Common Name field of an X.509 certificate, which allows
 man-in-the-middle remote attackers to spoof arbitrary SSL servers via a
 crafted certificate issued by a legitimate Certification Authority, a
 related issue to CVE-2009-2408.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549293
 http://savannah.gnu.org/bugs/?27183 (no public)
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_wget:
 upstream: http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
 upstream: http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
 upstream: http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
upstream_wget: released (1.12)
dapper_wget: released (1.10.2-1ubuntu1.1)
hardy_wget: released (1.10.2-3ubuntu1.1)
intrepid_wget: released (1.11.4-1ubuntu1.1)
jaunty_wget: released (1.11.4-2ubuntu1.1)
devel_wget: released (1.11.4-2ubuntu2)