Hello, we are pleased to announce the new version of GNU wget 1.19.2.
GNU Wget is a free utility for non-interactive download of files from the Web. It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP proxies. This version fixes CVE-2017-13089 and CVE-2017-13090. The vulnerabilities were found by Antti Levomäki, Christian Jalio, and Joonas Pihlaja from Forcepoint. Thanks go to the Finnish National Cyber Security Centre for coordination. More info at https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/ 2017/haavoittuvuus-2017-037.html. This version also introduces Content-Encoding 'gzip' and several bugs fixes and many smaller improvements. Many thanks go to all the contributors and list activists ! Contributors (from the git log): Adam Sampson anfractuosity Anton Yuzhaninov Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint Benjamin Esham Charles Christof Horschitz Darshit Shah Deian Stefan, Atyansh Jaiswal, Jonathan Luck Gisle Vanem ilovezfs Josef Moellers Juhani Eronen from Finnish National Cyber Security Centre klemens Ludovic Courtès Mike Frysinger Mojca Miklavec Noël Köthe Orange Tsai Tim Landscheidt Tim Rühsen Tim Schlueter Tomas Hozza Vijo Cherian YX Hao The new version is available for download here: https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz and the GPG detached signatures using the key 0x08302DB6A2670428: https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.gz.sig https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.sig To reduce load on the main server, you can use this redirector service which automatically redirects you to a mirror: https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.gz https://ftpmirror.gnu.org/wget/wget-1.19.2.tar.lz Noteworthy changes: * Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling) * Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling) * New option --compression for gzip Content-Encoding * New option --[no]-netrc to control .netrc parsing * Added GNU extensions to .netrc parsing * Improved IDNA 2003 compatibility * Fix VPATH issues * Improved and extended the test suite * Support Wayback Machine's X-Archive-Orig-last-modified * Several bug fixes Please report any problem you may experience to the bug-w...@gnu.org mailing list. For the maintainers of Wget, Tim Rühsen
signature.asc
Description: This is a digitally signed message part.
-- If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see https://www.gnu.org/help/evaluation.html.