Slackware64-13.0 ChangeLog (2016-06-13)

Mon Jun 13 07:07:39 UTC 2016

  • patches/packages/wget-1.18-x86_64-1_slack13.0.txz
    This version fixes a security vulnerability present in all old versions
    of wget. On a server redirect from HTTP to a FTP resource, wget would
    trust the HTTP server and use the name in the redirected URL as the
    destination filename. This behaviour was changed and now it works
    similarly as a redirect from HTTP to another HTTP resource so the original
    name is used as the destination file. To keep the previous behaviour the
    user must provide –trust-server-names.
    The vulnerability was discovered by Dawid Golunski and was reported by
    Beyond Security's SecuriTeam.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
    (* Security fix *)
  • news/2016/06/13/slackware64-13.0-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi