* [PATCH] wget: Update to 1.18
@ 2016-06-14 10:33 Matthias Fischer
0 siblings, 0 replies; only message in thread
From: Matthias Fischer @ 2016-06-14 10:33 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1243 bytes --]
Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget. The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file. To keep the previous behaviour the user must
provide --trust-server-names."
Best,
Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/wget | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/wget b/lfs/wget
index 20f545b..c22a978 100644
--- a/lfs/wget
+++ b/lfs/wget
@@ -24,7 +24,7 @@
include Config
-VER = 1.17.1
+VER = 1.18
THISAPP = wget-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52
+$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
install : $(TARGET)
--
2.9.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-06-14 10:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-14 10:33 [PATCH] wget: Update to 1.18 Matthias Fischer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox