[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Wget 1.19.2 released
From: |
Tim Rühsen |
Subject: |
Wget 1.19.2 released |
Date: |
Thu, 26 Oct 2017 20:40:00 +0200 |
User-agent: |
KMail/5.2.3 (Linux/4.13.0-1-amd64; KDE/5.37.0; x86_64; ; ) |
Hello,
we are pleased to announce the new version of GNU wget 1.19.2.
GNU Wget is a free utility for non-interactive download of files from the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP
proxies.
This version fixes CVE-2017-13089 and CVE-2017-13090.
The vulnerabilities were found by Antti Levomäki, Christian Jalio, and Joonas
Pihlaja from Forcepoint.
Thanks go to the Finnish National Cyber Security Centre for coordination.
More info at https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/
2017/haavoittuvuus-2017-037.html.
This version also introduces Content-Encoding 'gzip' and
several bugs fixes and many smaller improvements.
Many thanks go to all the contributors and list activists !
Contributors (from the git log):
Adam Sampson
anfractuosity
Anton Yuzhaninov
Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
Benjamin Esham
Charles
Christof Horschitz
Darshit Shah
Deian Stefan, Atyansh Jaiswal, Jonathan Luck
Gisle Vanem
ilovezfs
Josef Moellers
Juhani Eronen from Finnish National Cyber Security Centre
klemens
Ludovic Courtès
Mike Frysinger
Mojca Miklavec
Noël Köthe
Orange Tsai
Tim Landscheidt
Tim Rühsen
Tim Schlueter
Tomas Hozza
Vijo Cherian
YX Hao
The new version is available for download here:
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz
and the GPG detached signatures using the key 0x08302DB6A2670428:
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz.sig
https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.sig
To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:
https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.gz
https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.lz
Noteworthy changes:
* Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)
* Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)
* New option --compression for gzip Content-Encoding
* New option --[no]-netrc to control .netrc parsing
* Added GNU extensions to .netrc parsing
* Improved IDNA 2003 compatibility
* Fix VPATH issues
* Improved and extended the test suite
* Support Wayback Machine's X-Archive-Orig-last-modified
* Several bug fixes
Please report any problem you may experience to the address@hidden
mailing list.
For the maintainers of Wget,
Tim Rühsen
signature.asc
Description: This is a digitally signed message part.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Wget 1.19.2 released,
Tim Rühsen <=