[SECURITY] [DLA 851-1] wget security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : wget
Version : 1.13.4-3+deb7u4
CVE ID : CVE-2017-6508
Debian Bug : #857073
It was discovered that there was a header injection vulnerability in wget (a tool
to retrieve files from the web) which allowed remote attackers to inject
arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
For Debian 7 "Wheezy", this issue has been fixed in wget version
1.13.4-3+deb7u4.
We recommend that you upgrade your wget packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljBLt8ACgkQHpU+J9Qx
Hli1HhAAk+WM8qYGqUg1n2NA7BTEFzDWZYSMkRZ0w1NIOHlyUuBo1iM8Kejb7IpR
TqZ7PLrA+0FaUwHiloeBcIkkrvG8qorMPdVK3YazR1jr34Q0AJmp0mPc9ZFvFsNU
WjnYQa4MoIatUV5+Q8a5VT9gt8c+7NoucsZtyvuYs2/8uJ9MXb0UNRgZ28QGxJNV
SsMufjQotDgnNlbsRIc4xYkfsUUEOwDjlzLKYB55+5x1JfGhvMrNdzi5JTCbxhfl
O6op/y8KAn8TY5l0IvmqvCLd2jUxrqusVaQ5LDgKCboZodcLNmh7El6JVgfvbHb6
ehz2MyMfik/aWmiv/eM0V/xRIS48SwFGKsU/lA2fdvCvK/uRvHazj8Yh0Hv5222e
1y00ZRgK9G0LxWf7SsfY6vB9wkI4psfiHJaZxRT8xukt4aYmwWCIcovPT8Hb67Cn
3Y9qNZElRpqtCIq8T4AO3U93Kj04K1LdDWOLKWRmlp9eUoGencZuEC67Q5Y3Om4n
BeLDNiCscArMTAk3h7/gSbOzyqD6pTz777EZhzoJEIrlCOUibsxUvq1K7bgYNzfd
eAaIS5AvoT5gOysXssAe2kBotqZ3lLILV0rJ6UVcDGXaOCDX/doDfTRnF/BP9uBD
7DIwiqw29XjxUp+znV/AsdTCjxw9IoiGKBz9GAFRCLrrBvxQQ94=
=JUyW
-----END PGP SIGNATURE-----
Reply to: