Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in all old versions of wget. The vulnerability was discovered by Dawid Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a redirect from HTTP to another HTTP resource so the original name is used as the destination file. To keep the previous behaviour the user must provide --trust-server-names."
Best, Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/wget | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/wget b/lfs/wget index 20f545b..c22a978 100644 --- a/lfs/wget +++ b/lfs/wget @@ -24,7 +24,7 @@
include Config
-VER = 1.17.1 +VER = 1.18
THISAPP = wget-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b0d58ef4963690e71effba24c105ed52 +$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
install : $(TARGET)