[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 851-1] wget security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : wget
Version        : 1.13.4-3+deb7u4
CVE ID         : CVE-2017-6508
Debian Bug     : #857073

It was discovered that there was a header injection vulnerability in wget (a tool
to retrieve files from the web) which allowed remote attackers to inject
arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

For Debian 7 "Wheezy", this issue has been fixed in wget version
1.13.4-3+deb7u4.

We recommend that you upgrade your wget packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljBLt8ACgkQHpU+J9Qx
Hli1HhAAk+WM8qYGqUg1n2NA7BTEFzDWZYSMkRZ0w1NIOHlyUuBo1iM8Kejb7IpR
TqZ7PLrA+0FaUwHiloeBcIkkrvG8qorMPdVK3YazR1jr34Q0AJmp0mPc9ZFvFsNU
WjnYQa4MoIatUV5+Q8a5VT9gt8c+7NoucsZtyvuYs2/8uJ9MXb0UNRgZ28QGxJNV
SsMufjQotDgnNlbsRIc4xYkfsUUEOwDjlzLKYB55+5x1JfGhvMrNdzi5JTCbxhfl
O6op/y8KAn8TY5l0IvmqvCLd2jUxrqusVaQ5LDgKCboZodcLNmh7El6JVgfvbHb6
ehz2MyMfik/aWmiv/eM0V/xRIS48SwFGKsU/lA2fdvCvK/uRvHazj8Yh0Hv5222e
1y00ZRgK9G0LxWf7SsfY6vB9wkI4psfiHJaZxRT8xukt4aYmwWCIcovPT8Hb67Cn
3Y9qNZElRpqtCIq8T4AO3U93Kj04K1LdDWOLKWRmlp9eUoGencZuEC67Q5Y3Om4n
BeLDNiCscArMTAk3h7/gSbOzyqD6pTz777EZhzoJEIrlCOUibsxUvq1K7bgYNzfd
eAaIS5AvoT5gOysXssAe2kBotqZ3lLILV0rJ6UVcDGXaOCDX/doDfTRnF/BP9uBD
7DIwiqw29XjxUp+znV/AsdTCjxw9IoiGKBz9GAFRCLrrBvxQQ94=
=JUyW
-----END PGP SIGNATURE-----
Reply to: