[SECURITY] [DLA 536-1] wget security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 536-1] wget security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 30 Jun 2016 22:12:28 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1606302210160.3053@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wget
Version        : 1.13.4-3+deb7u3
CVE ID         : CVE-2016-4971
Debian Bug     : 827003

On a server redirect from HTTP to a FTP resource, wget would trust
the HTTP server and uses the name in the redirected URL as the
destination filename.
This behaviour was changed and now it works similarly as a redirect
from HTTP to another HTTP resource so the original name is used as
the destination file.  To keep the previous behaviour the user must
provide --trust-server-names.

For Debian 7 "Wheezy", these problems have been fixed in version
1.13.4-3+deb7u3.

We recommend that you upgrade your wget packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJXdX0sXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHJmYP/2eOxIlZVPs/YZnFPCHi3Wxa
KlosRDCG21c+xVOsoH1dWoulmp2x+xWdYBxAojtn/+vV/lPzMdYv0HCQFyQ54N13
jfOLlXtN4aGsAcpvzkkBSYgBvGR1U/rVjt13W61OjvWoLYIX5L3/kaiKaycF1NQ0
iCXDB1uA0C7Rtszh00SLzW3kA7VPXW9XVZXL+VGuV47O6/72qWGnlkQaaVN0MzD3
mdEXWsoLS7jIva/BsPjqvfdRB0pCKsw65q1zM7HcCwEJnOhd7BjxQqvNjdSjUcxg
Uv8eDlUznM3kG3HnfaWahBNc4LkAs2nBXuB2N00x2Lm0CZCxkqWZI2uiiMsCQkNr
Xms+n1ZRrUGIytAVHrqQzBLlfCDijaStwE0PNu0SnQk8z6enqJmkhkA1wrGGbN2D
Czawk4VEPJGsOTtVH7rpBI7oFnMb17ax2+da3v+awSAIq1DPYW7KrFwNs/49Rns/
4xA4Jgg/xLxlxYZldOnuE11dI3u7MQj9Zy2ff/3+7YMk41CNI+KdnlehusdzLJcZ
TzYHYT+SKDRH+3kCDO9PJFNCP38EP6moiMEBxKxFSY6I4qumnjFdscqkN9xS11sH
FbiTZhS7yu8ESBpG9kfBV9Qoa9YvGiEW4xoKSc4xUuTTiVXEysuAoYC60pOXhOj+
ANCJVuWDkdwlDS093azy
=jeMF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 534-1] libgd2 security update
Next by Date: [SECURITY] [DLA 537-1] roundcube security update
Previous by thread: [SECURITY] [DLA 534-1] libgd2 security update
Next by thread: [SECURITY] [DLA 537-1] roundcube security update
Index(es):
- Date
- Thread