UbuntuUpdates.org

Package "wget"

Name: wget

Description:

retrieves files from the web

Latest version: 1.13.4-2ubuntu1.4
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.gnu.org/software/wget/

Links


Download "wget"


Other versions of "wget" in Precise

Repository Area Version
base main 1.13.4-2ubuntu1
updates main 1.13.4-2ubuntu1.4
PPA: nathan-renniewaldock ppa 1.14-1~ppa1~precise

Changelog

Version: 1.13.4-2ubuntu1.4 2016-06-20 18:06:49 UTC

  wget (1.13.4-2ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: http to ftp redirect spoofed filenames
    - debian/patches/CVE-2016-4971.patch: understand --trust-server-names
      on a HTTP->FTP redirect in src/ftp.*, src/retr.c.
    - CVE-2016-4971

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 10:55:02 +0300

Source diff to previous version

Version: 1.13.4-2ubuntu1.2 2014-10-30 18:06:55 UTC

  wget (1.13.4-2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: remote code execution via absolute path traversal
    vulnerability in FTP
    - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
      src/init.c, check for duplicate file nodes in src/ftp.c, updated
      documentation in doc/wget.texi.
    - CVE-2014-4877
 -- Marc Deslauriers <email address hidden> Thu, 30 Oct 2014 10:08:40 -0400

CVE-2014-4877 wget: FTP symlink arbitrary filesystem access



About   -   Send Feedback to @ubuntu_updates