Wget 1.19.2 released

info-gnu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wget 1.19.2 released

From:	Tim Rühsen
Subject:	Wget 1.19.2 released
Date:	Thu, 26 Oct 2017 20:40:00 +0200
User-agent:	KMail/5.2.3 (Linux/4.13.0-1-amd64; KDE/5.37.0; x86_64; ; )

Hello,

we are pleased to announce the new version of GNU wget 1.19.2.

GNU Wget is a free utility for non-interactive download of files from the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP
proxies.

This version fixes CVE-2017-13089 and CVE-2017-13090.
The vulnerabilities were found by Antti Levomäki, Christian Jalio, and Joonas 
Pihlaja from Forcepoint.
Thanks go to the Finnish National Cyber Security Centre for coordination.
More info at https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/
2017/haavoittuvuus-2017-037.html.

This version also introduces Content-Encoding 'gzip' and
several bugs fixes and many smaller improvements.

Many thanks go to all the contributors and list activists !

Contributors (from the git log):
Adam Sampson
anfractuosity                                                                   
                                                           
Anton Yuzhaninov                                                                
                                                           
Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint                 
                                                           
Benjamin Esham                                                                  
                                                           
Charles                                                                         
                                                           
Christof Horschitz
Darshit Shah
Deian Stefan, Atyansh Jaiswal, Jonathan Luck
Gisle Vanem
ilovezfs
Josef Moellers
Juhani Eronen from Finnish National Cyber Security Centre
klemens
Ludovic Courtès 
Mike Frysinger
Mojca Miklavec
Noël Köthe
Orange Tsai
Tim Landscheidt
Tim Rühsen
Tim Schlueter
Tomas Hozza
Vijo Cherian
YX Hao


The new version is available for download here:

https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz

and the GPG detached signatures using the key 0x08302DB6A2670428:

https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz.sig
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.sig

To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:

https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.gz
https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.lz


Noteworthy changes:

* Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)

* Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)

* New option --compression for gzip Content-Encoding

* New option --[no]-netrc to control .netrc parsing

* Added GNU extensions to .netrc parsing

* Improved IDNA 2003 compatibility

* Fix VPATH issues

* Improved and extended the test suite

* Support Wayback Machine's X-Archive-Orig-last-modified

* Several bug fixes


Please report any problem you may experience to the address@hidden
mailing list.

For the maintainers of Wget,
Tim Rühsen

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

Wget 1.19.2 released, Tim Rühsen <=

Prev by Date: GNU Screen v.4.6.2
Next by Date: Emms 4.4 released
Previous by thread: GNU Screen v.4.6.2
Next by thread: Emms 4.4 released
Index(es):
- Date
- Thread