patches/packages/wget-1.18-arm-1_slack14.1.txz
This version fixes a security vulnerability present in all old versions
of wget. On a server redirect from HTTP to a
FTP resource, wget would
trust the HTTP server and use the name in the redirected
URL as the
destination filename. This behaviour was changed and now it works
similarly as a redirect from HTTP to another HTTP resource so the original
name is used as the destination file. To keep the previous behaviour the
user must provide –trust-server-names.
The vulnerability was discovered by Dawid Golunski and was reported by
Beyond Security's SecuriTeam.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
(* Security fix *)