Please find below the new release of GNU Wget. It fixes a buffer overflow vulnerability which was reported to us by JPCERT.
Here are the compressed sources and a GPG detached signature[*]: https://ftp.gnu.org/gnu/wget/wget-1.20.3.tar.gz https://ftp.gnu.org/gnu/wget/wget-1.20.3.tar.gz.sig Use a mirror for higher download bandwidth: https://ftpmirror.gnu.org/wget/wget-1.20.3.tar.gz https://ftpmirror.gnu.org/wget/wget-1.20.3.tar.gz.sig Here are the MD5 and SHA1 checksums: db4e6dc7977cbddcd543b240079a4899 wget-1.20.3.tar.gz 2b886eab5b97267cc358ab35e42d14d33d6dfc95 wget-1.20.3.tar.gz [*] Use a .sig file to verify that the corresponding file (without the .sig suffix) is intact. First, be sure to download both the .sig file and the corresponding tarball. Then, run a command like this: gpg --verify wget-1.20.3.tar.gz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver keys.gnupg.net --recv-keys 2A1743EDA91A35B6 and rerun the 'gpg --verify' command. NEWS * Changes in Wget 1.20.3 ** Fixed a buffer overflow vulnerability -- Thanking You, Darshit Shah PGP Fingerprint: 7845 120B 07CB D8D6 ECE5 FF2B 2A17 43ED A91A 35B6
signature.asc
Description: PGP signature
-- If you have a working or partly working program that you'd like to offer to the GNU project as a GNU package, see https://www.gnu.org/help/evaluation.html.